Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
people-search
v1.0.0Search, qualify, and enrich people and companies. Use this skill whenever the user wants to find professionals, candidates, or KOLs by title, company, locati...
⭐ 0· 47·0 current·0 all-time
byLessie AI@lessieai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (search & enrich people/companies) align with the runtime instructions: CLI and MCP modes call Lessie tools (find-people, enrich-people, enrich-org, web-search, web-fetch, etc.). Required capabilities and commands are coherent with the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to: detect and auto-install the Lessie CLI (npm install -g @lessie/cli or npx), run auth flows that open a browser and store a token at ~/.lessie/oauth.json, call remote tools and generic 'lessie call' (which sends arbitrary JSON to the remote server), and resolve domains via web_search/web_fetch. These are largely expected, but the mode-detection flow includes an automatic npm install step (no explicit requirement to ask the user before attempting installation), and the skill will activate whenever the user mentions finding people — this wide trigger plus auto-install increases risk of unexpected network activity. The instructions also propose adding entries to various MCP config files and using MCP server tooling to connect to app.lessie.ai, which reaches beyond local-only behavior.
Install Mechanism
There is no registry install spec in the package manifest, but the README instructs use of npm / npx to fetch @lessie/cli and @lessie/mcp-server from the npm registry. Using npm/npx to run remote code is a common pattern but has moderate risk because it executes code fetched from the public registry at runtime; no direct binary downloads from arbitrary URLs are used. The instruction to auto-install globally (npm install -g) is more intrusive than a purely instruction-only skill that simply calls preinstalled tools.
Credentials
The skill declares no required environment variables or credentials, which matches the registry metadata. However, runtime behavior includes creating/using ~/.lessie/oauth.json to cache auth tokens and optionally setting LESSIE_REMOTE_MCP_URL for MCP usage. The SKILL.md also instructs modifying user MCP config files (e.g., ~/.claude/mcp.json, ~/.cursor/mcp.json) to add the Lessie MCP server entry — this touches configuration files belonging to other clients and thus expands the scope of what the skill may read/write beyond its own folder.
Persistence & Privilege
always:false (good), but the skill's instructions include persisting an OAuth token under ~/.lessie and recommend adding entries to other clients' MCP config files to enable an MCP server. Running npx @lessie/mcp-server (via the MCP entry) would run remote code and register a remote tool endpoint that interacts with a third-party server (app.lessie.ai). That level of persistence and potential background connectivity is significant; it's not flagged in the manifest and could be surprising if performed automatically. Autonomous invocation by the model is allowed by default — combine that with auto-install and MCP server setup and the blast radius increases.
What to consider before installing
This skill appears to be a wrapper for the Lessie people-search service and mostly behaves as expected, but pay attention to these practical risks before installing or letting the agent run it automatically:
- Installation and execution: The SKILL.md tells the agent to auto-install the Lessie CLI via npm/npx if not found. npm/npx will fetch and run code from the public registry — prefer to install the CLI yourself manually (verify package identity and versions) rather than allowing an agent to run npm install -g automatically.
- Authentication and tokens: Authorization uses a browser flow and caches a token at ~/.lessie/oauth.json. Be aware an OAuth token stored in your home directory will be used for subsequent calls and may allow the Lessie server to access queries and results. If you want to control token location or lifetime, perform auth yourself and inspect ~/.lessie/oauth.json.
- MCP config edits & remote MCP server: The skill encourages adding a Lessie MCP entry to other tools' MCP config files (e.g., ~/.claude/mcp.json) and running an MCP server that connects to https://app.lessie.ai. Editing other clients' config or running a background MCP server gives a remote service broader access and can be surprising—only do this if you trust Lessie and have reviewed the URL and package sources.
- Auto-activation scope: The skill is meant to trigger on generic mentions of 'finding people' or 'sourcing' and may attempt network actions. If you prefer tight control, require explicit user consent before installing or invoking the skill.
- Data & compliance: The skill will send search queries and profile data to Lessie's service. Make sure this is acceptable for your data sensitivity and legal compliance (GDPR, CAN-SPAM, etc.).
- Mitigations: (1) Install the CLI yourself in a controlled environment and vet the npm package; (2) refuse automatic global installs; (3) avoid or review MCP config changes; (4) run the skill in a sandbox or isolated account if you need to test it; (5) read Lessie's privacy policy and terms and confirm the app.lessie.ai domain is legitimate before enabling MCP server.
Given these trade-offs, only enable automatic installs or MCP server registration if you trust the Lessie service and are comfortable with tokens and config changes in your user profile.Like a lobster shell, security has layers — review code before you run it.
latestvk970001gzw2z37tsvdv86nn7tn84cgap
License
MIT-0
Free to use, modify, and redistribute. No attribution required.