OSINT Investigator

Security checks across malware telemetry and agentic risk

Overview

This OSINT skill is not overtly malicious, but it gives the agent broad profiling authority and asks it to collect and store sensitive credentials.

Install only if you need a powerful OSINT workflow and can strictly scope its use. Do not paste personal account passwords into chat, prefer limited API tokens stored outside the skill, avoid investigating private individuals without consent or a clear lawful basis, and run the PDF generator only in an isolated environment if you accept the dependency-install behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to collect and persist third-party credentials and API keys in a local config file, which is not necessary for basic public-source OSINT. Storing secrets gathered through chat materially increases the risk of credential leakage, misuse, or unintended reuse by the agent or other local processes.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill adds local file writing and shell-based PDF generation with automatic package installation, which exceeds the core OSINT function and introduces side effects on the host. Automatic installation and report writing can be abused to persist artifacts, alter the environment, or pull unreviewed code from package repositories.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill claims to use only publicly available information but also documents authenticated access to content behind login walls using stored credentials. This mismatch can mislead users and reviewers about the sensitivity of the activity and may enable access patterns that exceed the intended public-only boundary.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documentation contains contradictory guidance: it says to use only publicly available data while elsewhere recommending credentials to access login-gated content. Such contradictions make unsafe behavior more likely because the agent may justify credentialed collection under a misleading 'public OSINT' label.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The 'High-value dorks' section includes searches for credential exposure, leaked spreadsheets, and admin/login endpoints, which materially expand the skill from passive OSINT into discovery of sensitive data and potentially security-relevant targets. In an OSINT-investigation skill, these examples lower the barrier to misuse for account compromise, data harvesting, or unauthorized targeting, even if they only reference publicly indexed content.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script automatically installs a Python package at runtime, which modifies the host environment without explicit user consent and goes beyond merely generating a PDF. This creates supply-chain and environment-integrity risk: a compromised package, malicious dependency, or unexpected install target could affect the system running the skill.

Vague Triggers

High
Confidence
90% confidence
Finding
The trigger phrases are extremely broad and overlap with ordinary requests like 'who is' or 'look up', increasing the chance the skill activates unexpectedly. Because this skill performs expansive investigation and correlation on people and identifiers, accidental invocation can lead to over-collection and privacy harm.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup flow asks users to paste API keys and passwords into chat for later storage, but it does not provide a strong, upfront warning about the security and privacy implications of sharing secrets conversationally. Chat capture and transcript retention can expose those secrets beyond the local config file itself.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide explicitly teaches how to extract personal data from social platforms and emphasizes doing so without authentication, but provides no privacy, legality, or misuse warnings. In an OSINT skill, that omission materially increases risk of stalking, harassment, and non-consensual profiling because users are encouraged to aggregate sensitive personal information with no safeguards.

Missing User Warnings

High
Confidence
97% confidence
Finding
The image section describes EXIF extraction, GPS-only extraction, reverse search, and visual geolocation techniques without warning that these methods can reveal home/work locations, travel patterns, and other highly sensitive location data. In combination with the broader OSINT workflow, this supports precise location inference and deanonymization of a target.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The script writes a generated PDF to disk automatically in a user-specified or default directory without any explicit user warning, confirmation, or visibility beyond a final success message. In an agent skill focused on OSINT investigations, the PDF may contain sensitive intelligence about people or organizations, so silent persistence increases privacy and data-handling risk if the user does not realize a local artifact was created.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The script performs pip installation with only a generic status message and no meaningful warning that it may alter the system or user environment. Users may not realize the script is making persistent changes, increasing the chance of unintended package installation and reducing informed consent around a risky operation.

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly instructs the user to paste API keys and passwords directly into chat, then save them locally. This is dangerous because secrets may be logged in conversation history, visible to the model runtime, and reused or exposed outside the user's intended trust boundary.

Ssd 3

High
Confidence
99% confidence
Finding
The supported integrations include collection of platform login credentials, including usernames/emails and passwords, to access social platforms. Soliciting personal account credentials for scraping creates significant risk of account compromise, policy violations, and unauthorized access to non-public data.

Ssd 3

Medium
Confidence
95% confidence
Finding
The document is a structured playbook for compiling sensitive personal data across many public sources, including interests, employers, social links, email leaks, public records, and location clues. Even if each source is public, the aggregation itself amplifies privacy risk and enables profiling, impersonation, social engineering, doxxing, and stalking.

Ssd 4

Medium
Confidence
93% confidence
Finding
This section presents a stepwise workflow from reverse image lookup to EXIF extraction to visual geolocation, which meaningfully lowers the barrier to deanonymization. In the context of an OSINT investigation skill, the narrative structure is especially risky because it operationalizes targeted profiling of individuals rather than merely describing general platform capabilities.

VirusTotal

64/64 vendors flagged this skill as clean.
