Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Investigator
v2.1.0
Investigate public online footprints using open-source intelligence techniques. Use when a user wants to research a username, email, person, company, domain,...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description align with the included scripts and references: username/email/domain/IP/profile checks, optional HIBP breach checks, variant generation, aggregation and report building. Optional API integrations (HIBP, Shodan, Google Maps, Hunter) are documented and make sense for OSINT enrichment.
Instruction Scope
SKILL.md restricts activity to public data and points to specific helper scripts and web_search/web_fetch; however, several scripts (notably scripts/check_domain.py) invoke shell commands via subprocess.check_output(['bash','-lc', f'whois {domain} | ...']) and run dig/whois through the shell. Those commands interpolate unsanitized user input into a shell command line, creating a command-injection risk if the skill or agent invokes these scripts with attacker-controlled input. The scripts also perform network calls to third-party endpoints (ipinfo, ip-api, rdap, HIBP), which is expected for OSINT but means data about investigated inputs will be sent externally. SKILL.md does not explicitly require input sanitization or warn about the shell invocation risk.
Install Mechanism
No install spec (instruction-only) — low install risk. The bundle includes Python scripts that depend on the requests library and system utilities (whois, dig) if available. Because there's no install step, files are present but not automatically executed on install; execution happens at runtime when the agent follows SKILL.md.
Credentials
The skill declares no required environment variables, which is coherent. It documents optional API keys (HIBP_API_KEY, SHODAN_API_KEY, GOOGLE_MAPS_API_KEY, HUNTER_API_KEY). check_hibp.py will read HIBP_API_KEY from the environment or from a local secret file at ~/.openclaw/secrets/hibp_api_key — this is reasonable for optional breach checks but does mean the skill can access a local secrets file if present. No unrelated credentials are requested.
Persistence & Privilege
The always setting is false; the skill does not request persistent presence or attempt to modify other skills or system-wide agent settings. It reads optional local secret files only if configured, which is documented.
Scan Findings in Context
[subprocess-shell-invocation] unexpected: scripts/check_domain.py uses subprocess.check_output with ['bash', '-lc', f'whois {domain} | sed -n "1,80p"'] and similar dig commands. While whois/dig usage is reasonable for domain enrichment, invoking them via a shell with unsanitized domain interpolation can allow command injection. Safer patterns (avoid shell, pass args as list, or sanitize input) are recommended.
[reads-local-secret-file] expected: scripts/check_hibp.py reads HIBP_API_KEY from environment or ~/.openclaw/secrets/hibp_api_key. Reading a local secret file for an optional HIBP API key is expected for the documented HIBP integration, but users should be aware the script will access that path if present.
[external-network-calls] expected: Multiple scripts perform HTTP requests to external services (rdap.org, haveibeenpwned.com, ipinfo.io, ip-api.com, and platform profile pages). This is expected for OSINT, but means investigated inputs and derived requests will be transmitted to third parties.
[subprocess-availability-dependence] expected: scripts/check_domain.py checks for 'whois' via shutil.which and falls back to a message if not present. The skill relies on optional system binaries (whois, dig) which may not be available in all runtimes.
What to consider before installing
This skill appears coherent for defensive OSINT, but review and take precautions before enabling it:
1) Audit or sandbox execution because check_domain.py runs shell commands via bash -lc with interpolated inputs — that can lead to command injection if untrusted input is passed. Prefer running the scripts only on trusted inputs or modifying them to avoid shell interpolation (use subprocess with argument lists or Python DNS/WHOIS libraries).
2) Be aware the scripts make outbound network calls (RDAP, IP info services, HIBP, platform profile pages), so investigated identifiers will be looked up externally.
3) Only provide optional API keys (HIBP/SHODAN/GOOGLE_MAPS/HUNTER) if you trust the skill; it will read HIBP_API_KEY from your environment or ~/.openclaw/secrets/hibp_api_key if present.
4) Ensure the runtime has the needed Python dependencies (requests) and, if you prefer, replace shell-based whois/dig calls with safer library calls.
If you cannot audit or sandbox the code, consider treating this skill as untrusted.
