Nyne Deep Research
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is a clear wrapper for Nyne’s API, but it enables broad, invasive profiling of any person and sends identifiers/results through a third-party service without clear consent, privacy, or scoping controls.
Install only if you are comfortable sending person identifiers to Nyne and receiving detailed dossiers. Use it only for authorized, ethical research; do not use it to stalk, manipulate, or socially engineer people. Protect the Nyne API key and secret, avoid untrusted callback URLs, and clean up temporary files containing results.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could generate invasive dossiers about people without clear authorization, creating privacy and misuse risk.
This exposes a high-impact people-intelligence API for broad use on 'any person' without artifact-backed limits such as consent, authorization checks, or explicit confirmation before submitting identifiers.
Research any person by email, phone, social URL, or name. Returns a comprehensive intelligence dossier with psychographic profile, social graph, career analysis, conversation starters, and approach strategy.
Require explicit user confirmation before each lookup, use only where the user has a legitimate and lawful reason, and add clear limits on acceptable targets and data handling.
The dossier could be used to manipulate, pressure, stalk, or socially engineer a target rather than for legitimate research.
The requested output is explicitly framed to help tailor outreach based on sensitivities, non-obvious personal findings, and strategy, which can enable manipulative or coercive interactions if misused.
Warnings & Landmines — topics to avoid, sensitivities ... Creepy-Good Insights — non-obvious findings with evidence ... Approach Strategy — best angle, topics, what not to do
Use the skill only for ethical, authorized contexts and avoid generating or acting on manipulative targeting advice.
Personal identifiers and generated dossiers may leave the local chat and be processed or delivered by third-party systems.
The skill sends person identifiers to an external provider and supports posting completed results to a callback URL, but the artifacts do not define trust boundaries, ownership checks, or privacy handling for those sensitive results.
Endpoint: POST https://api.nyne.ai/person/deep-research ... callback_url | Webhook URL to POST results when complete
Only submit data you are allowed to share with Nyne, avoid callback URLs unless they are controlled and secured, and review the provider’s data retention and privacy terms.
Users may not realize before reading the skill file that they need to provide and protect Nyne API credentials.
API credentials are expected for this integration, but the registry metadata declares no required env vars or primary credential, so the credential requirement is under-declared.
Required environment variables: - NYNE_API_KEY — your Nyne API key - NYNE_API_SECRET — your Nyne API secret
Declare the required credentials in metadata and store them in a secure secret manager or protected environment rather than exposing them in shared shell profiles.
Sensitive person-research results could remain on disk after the task, especially on shared machines.
The example workflow writes API responses to a temporary file; because the response may contain a sensitive dossier, this local storage is noteworthy even though it is user-directed.
nyne_parse > /tmp/nyne_response.json
Delete temporary response files after use and avoid running the examples on shared or untrusted systems.