OpenMerch People Search

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it needs review because it can guide users from people search into richer personal-data enrichment that is not fully reflected in the short install description.

Install only if you are comfortable sending your search terms and OpenMerch API key to OpenMerch and using a paid people-data service. Treat any enriched results such as emails, LinkedIn URLs, or full names as sensitive personal data, use them only for lawful and authorized purposes, minimize storage and sharing, and verify that the base URL points to the intended OpenMerch endpoint before running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The manifest describes a people-search skill, but the documentation also instructs users to perform full person enrichment that can return email addresses, full names, LinkedIn URLs, and other personal data. This expands the effective capability and data sensitivity beyond the declared scope, which can mislead users, bypass review expectations, and cause unanticipated processing of personal data.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The documentation states the skill executes a single atomic OpenMerch job, yet also provides a separate enrichment workflow that effectively broadens the operational flow and capability. This inconsistency can misrepresent how the skill is meant to be used, undermining policy review, user consent, and safe orchestration boundaries.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill metadata says it performs a simple people search returning names, titles, and company names, but the implementation uses the job type "people_enrichment_v1" and returns the full raw provider output. That creates a scope mismatch: callers may receive additional personal or profile data not disclosed by the manifest, increasing privacy and data-minimization risk.

Context-Inappropriate Capability

Low
Confidence: 88%
Finding
The skill returns `cost_usd` and `job_id` to the caller even though they are not necessary for a simple people-search function. Exposing internal billing and job-tracking metadata can leak operational details about backend usage patterns and enable unnecessary correlation or follow-on access attempts against job records.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The comments describe the script as a people-search tool, but the code and notes indicate enrichment-oriented behavior and mention using returned identifiers for fuller profile retrieval. This kind of misleading documentation is dangerous because it can cause reviewers, platform operators, or users to under-assess the privacy sensitivity and data exposure of the skill.

Missing User Warnings

Medium
Confidence: 90%
Finding
The enrichment section explicitly describes obtaining full names, email addresses, LinkedIn URLs, and related profile data, but provides no privacy, retention, consent, or handling guidance. In a people-search context, omission of privacy safeguards increases the risk of collecting, exposing, or misusing personal data without adequate controls.

Missing User Warnings

Medium
Confidence: 93%
Finding
The example explicitly instructs users to run a follow-on enrichment job that may return full name, email, LinkedIn URL, and other professional profile data, but it provides no privacy, consent, acceptable-use, or data-handling warning. In a people-search skill, this omission can normalize bulk personal data enrichment and increase the risk of misuse, especially for targeted outreach, scraping, or profiling.

VirusTotal

63/63 vendors flagged this skill as clean.
