Skill v1.0.0

ClawScan security

Nyne Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 20, 2026, 8:09 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's runtime instructions match a people-search API, but its declared metadata is inconsistent with those instructions (the required env vars are missing and the binary dependencies are undeclared), and it instructs the agent to surface sensitive PII. Review before installing.
Guidance
This skill's instructions implement a people-search API and request an API key and secret, but the registry metadata does not declare those env vars or the runtime binaries (curl, jq, python3) used in the examples. Before installing:
1) Confirm you trust api.nyne.ai and understand the billing/credit model for email and phone enrichment.
2) Ensure the agent environment has curl, jq, and python3, or ask for the skill metadata to be updated to declare them.
3) Be aware the skill will surface potentially sensitive PII (emails, phone numbers, work history); confirm this is legally and ethically acceptable for your use.
4) Avoid echoing secrets into logs or shells. If you must verify env vars, use safer checks: test that each value is non-empty rather than printing a fragment of it, since any fragment ends up in the agent transcript and shell history.
5) If you need stronger guarantees, ask the author to fix the metadata (declare NYNE_API_KEY and NYNE_API_SECRET as required env vars and list the required binaries) and to document privacy and retention behavior for returned profiles.
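Step 4 is the one most readers will act on right away. The following is an added example written for this page, not code from the Nyne Search skill or from ClawHub: it shows the fragment-echo pattern the review flags, beside a preflight check that only reports whether each required variable is set and each required binary resolves on PATH. The variable and binary names are the ones this report cites; the function names are this example's own.

```shell
#!/bin/sh
# Added example for this review page: verifying a skill's runtime
# prerequisites without leaking secrets. Not code from the Nyne Search
# skill; the names below are the ones the scan report cites.

# The pattern the review flags: printing a fragment of a secret. Any such
# fragment ends up in the agent transcript, shell history, and whatever
# captures stdout. Shown for contrast only; do not use.
unsafe_show_key_fragment() {
  printf 'NYNE_API_KEY begins with %s\n' \
    "$(printf '%s' "${NYNE_API_KEY:-}" | cut -c1-4)"
}

# Safe alternative: report presence only, never content.
# Returns 0 if every named variable is set and non-empty, 1 otherwise.
require_env() {
  missing=0
  for name in "$@"; do
    # eval is limited to reading a variable by name; $name comes from the
    # caller's argument list (a fixed list in nyne_preflight), not from input.
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      printf 'missing: %s is unset or empty\n' "$name" >&2
      missing=1
    else
      printf 'ok: %s is set\n' "$name"
    fi
    unset value
  done
  return "$missing"
}

# Check that each binary the skill's examples rely on resolves on PATH,
# so a missing tool fails here rather than halfway through a query.
require_bins() {
  missing=0
  for bin in "$@"; do
    if command -v "$bin" >/dev/null 2>&1; then
      printf 'ok: %s found\n' "$bin"
    else
      printf 'missing: %s not on PATH\n' "$bin" >&2
      missing=1
    fi
  done
  return "$missing"
}

# Combined preflight for this skill: the two env vars and three binaries
# the report says the instructions require but the metadata does not declare.
nyne_preflight() {
  require_env NYNE_API_KEY NYNE_API_SECRET && require_bins curl jq python3
}

# Usage: run before installing or invoking the skill.
#   nyne_preflight || echo "fix the environment before using Nyne Search" >&2
```

Nothing in the safe path writes secret material anywhere; the only output is the variable or binary name and whether it was found, which is all an operator needs to fix the environment.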

Review Dimensions

Purpose & Capability
note
The SKILL.md clearly implements a people-search integration with Nyne (query submission, polling, showing profiles, and optional contact enrichment). Requesting an API key/secret and returning emails and phone numbers is coherent with a people-search service. However, the registry metadata lists no required environment variables or binaries, while the instructions require NYNE_API_KEY and NYNE_API_SECRET and use curl, jq, and python3: a metadata/instruction mismatch.
Instruction Scope
concern
The instructions direct the agent to display 'all returned data' for each profile (including emails, phone numbers, work history, education, and patents), which is expected for the service but is a high privacy/PII exposure. The SKILL.md also defines helper shell functions and writes results to /tmp/nyne_search.json; a fixed path under /tmp is shared with every local user on the host and is created world-readable under the default umask, so PII written there can be read by other local accounts. It echoes a partial secret for verification, which can leak the secret into shell history or logs. The instructions do not attempt to exfiltrate data to unexpected endpoints, but they do instruct broad disclosure of personally identifiable information; confirm legal and privacy appropriateness.
Install Mechanism
concern
There is no install spec (instruction-only), which is low risk for code execution. However, the runtime examples assume the availability of curl, jq, and python3, and the skill metadata does not declare these required binaries. That mismatch can lead to runtime failures or hidden assumptions about the agent environment.
Credentials
concern
The SKILL.md requires NYNE_API_KEY and NYNE_API_SECRET, which is appropriate for the API, but the registry metadata claims no required env vars or primary credential. This is a substantive inconsistency. Also note that the skill enables optional flags that incur credit costs and return sensitive contact details; ensure the API key's billing and access scope are understood before use. The practice of echoing parts of secrets can leak them to logs or histories.
Persistence & Privilege
ok
The skill does not request permanent presence (always: false) and does not include install-time modifications or cross-skill config changes. It is user-invocable and allows autonomous invocation by the model (the default), which is normal; no extra persistence privileges are requested.