people-search

Security checks across malware telemetry and agentic risk

Overview

This is a real people-search integration, but it needs review because it can auto-install unpinned tooling, use a persistent Lessie login, spend credits, and retrieve personal contact details.

Install only if you trust Lessie with your search queries and are comfortable with account login, local OAuth token storage, credit spending, and contact enrichment. Review or install the npm packages yourself, keep confirmations enabled for paid actions, avoid personal-email enrichment unless you have a lawful and appropriate use, and remove ~/.lessie/oauth.json when you no longer want the agent to access the account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill’s trigger guidance is intentionally broad enough to activate on many generic requests involving people, companies, prospecting, or research. In an agent environment, this can cause unintended invocation of a third-party enrichment/search workflow, potentially leading to unnecessary external data disclosure, unexpected credit spend, and privacy-sensitive lookups without clear user intent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The reference explicitly documents enrichment of people and retrieval of personal emails without any privacy notice, consent requirement, or usage restriction. In a people-search skill whose purpose is sourcing contacts and business intelligence, this materially increases the risk of doxxing, non-consensual personal-data collection, and misuse of sensitive contact information.

VirusTotal

66/66 vendors flagged this skill as clean.