Investigator

Warn

Audited by ClawScan on May 18, 2026.

Overview

This is mostly a coherent public-OSINT helper, but one domain lookup script can pass a crafted domain into local shell commands.

Review before installing. The OSINT behavior is disclosed and includes useful safety limits, but avoid running the domain helper on untrusted or oddly formatted domains until the shell-injection issue is fixed. Only use the skill for legitimate public-footprint checks, and configure HIBP or other provider keys only if you are comfortable sending those target identifiers to the relevant services.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or malformed domain target could run commands on the user's machine with the agent's permissions.

Why it was flagged

A user-provided domain is interpolated directly into bash -lc commands without validation or shell quoting, so shell metacharacters in the target could execute arbitrary local commands.

Skill content

    domain = sys.argv[1].strip()
    ...
    'dns_a': run(['bash', '-lc', f'dig +short {domain} A']),
    'dns_mx': run(['bash', '-lc', f'dig +short {domain} MX'])

Recommendation

Replace bash -lc with argument-list subprocess calls, validate domains against a strict hostname/IDNA allowlist, reject shell metacharacters, and require review before running local network-enrichment helpers.
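A hardened version of the flagged dig helper, written here as an added example rather than the skill's own code: the target is reduced to a strict IDNA hostname before use, the record type is taken from an allowlist, and dig is invoked with an argument list instead of bash -lc, so shell metacharacters are never parsed. The function names and the allowed record types are assumptions.

```python
import re
import subprocess

# One DNS label: 1-63 alphanumerics or hyphens, no leading or trailing hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}")
_ALLOWED_TYPES = {"A", "AAAA", "MX", "NS", "TXT"}  # assumed set for this helper


def validate_domain(raw: str) -> str:
    """Return the lowercase ASCII (IDNA) form of raw, or raise ValueError.

    Shell metacharacters, spaces, URLs and empty labels all fail here, so no
    injection payload can reach the dig argument list.
    """
    candidate = raw.strip().rstrip(".")
    if not candidate or len(candidate) > 253:
        raise ValueError("domain is empty or too long")
    try:
        # Standard-library IDNA codec: Unicode labels become xn-- punycode;
        # empty or over-long labels raise UnicodeError.
        ascii_domain = candidate.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"not a valid IDNA hostname: {raw!r}") from exc
    if not _HOSTNAME_RE.fullmatch(ascii_domain):
        raise ValueError(f"not a valid hostname: {raw!r}")
    return ascii_domain.lower()


def build_dig_argv(raw_domain: str, rtype: str) -> list[str]:
    """Argument list for dig. No shell is involved, so nothing is re-parsed."""
    if rtype not in _ALLOWED_TYPES:
        raise ValueError(f"unsupported record type: {rtype!r}")
    return ["dig", "+short", validate_domain(raw_domain), rtype]


def lookup(raw_domain: str, rtype: str = "A") -> list[str]:
    """Run dig with shell=False (subprocess.run's default) and return the answers.

    Replacement for the skill's run(['bash', '-lc', f'dig +short {domain} A']).
    """
    proc = subprocess.run(build_dig_argv(raw_domain, rtype),
                          capture_output=True, text=True, timeout=10, check=False)
    return [line for line in proc.stdout.splitlines() if line]


if __name__ == "__main__":
    import sys
    print(lookup(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "A"))
```

Validation and argv construction run offline; only lookup() needs dig on the PATH.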

What this means

If configured, the skill can use the user's HIBP API key and send queried email addresses to Have I Been Pwned.

Why it was flagged

The skill can use a local HIBP API credential; this is purpose-aligned for breach checks, but users should know the registry metadata does not declare a primary credential.

Skill content

    key = os.environ.get('HIBP_API_KEY')
    ...
    p = Path.home() / '.openclaw' / 'secrets' / 'hibp_api_key'
    if p.exists():
        return p.read_text().strip()

Recommendation

Declare the optional credential in metadata, keep the key scoped and private, and only run HIBP checks for legitimate defensive purposes.

What this means

Target IPs may be visible to third-party services or network observers, and plaintext responses could be tampered with.

Why it was flagged

The IP helper sends the target IP to external enrichment providers, including one plaintext HTTP endpoint; this is aligned with OSINT enrichment but affects confidentiality and result integrity.

Skill content

    'ipinfo': fetch(f'https://ipinfo.io/{ip}/json'),
    'ip_api': fetch(f'http://ip-api.com/json/{ip}')

Recommendation

Prefer HTTPS-only providers where possible, disclose provider destinations, and confirm before sending sensitive target identifiers to external services.