ClawHub

Fake Identity Generator (With Email)

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent and instruction-only, but it is designed to create realistic fake identities with government-style IDs and a working temporary email account.

Review carefully before installing. This skill has no local code execution risk, but its main function can help create realistic identity packages and working disposable email accounts. Prefer safer synthetic test-data tools that use clearly fictional placeholders, invalid official IDs, reserved email domains, and no live mailbox creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger is broad enough to activate on vague requests such as 'fake profile' or similar wording, which increases the chance the skill is invoked for deceptive or fraudulent use cases without sufficient contextual checks. In this specific skill, that risk is amplified because the skill is designed to produce realistic identities and provision temporary email accounts, making unintended or abusive activation more dangerous.

Natural-Language Policy Violations

Medium
Confidence
98% confidence
Finding
This skill explicitly generates realistic fake identities across nationalities and ethnicities and includes highly sensitive fields such as government IDs, tax IDs, addresses, phone numbers, and a working temporary email account. The combination materially enables impersonation, fraud, account abuse, and synthetic identity creation; the confirmation flow does not mitigate the underlying harmful capability.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal