Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Exa People Search

When the user wants to find specific people at companies or discover who holds certain roles. Also use when the user mentions 'find people,' 'who works at,'...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 83 · 0 current installs · 0 all-time installs
by Mario Karras @mariokarras
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (people search via Exa similarity) matches the SKILL.md instructions (calls to node tools/clis/exa.js search/find-similar/contents). However the skill provides no install spec, no required binaries, and no required environment variables or credentials — yet the workflow clearly depends on a locally available Exa CLI and likely API credentials. That missing linkage is an incoherence: someone wanting the stated capability would reasonably need the CLI and/or API keys listed.
Instruction Scope
The SKILL.md stays on-topic for people search: it asks to check a product-marketing-context file if present, to build queries, run find-similar, fetch contents, and extract person fields. It does not instruct reading arbitrary system files beyond the named product-marketing-context path. The instructions do assume the agent can execute local node commands and make network calls (e.g., to fetch profiles), which is expected but not explicitly constrained.
Install Mechanism
There is no install spec (instruction-only), which is low-risk from a code-install perspective. But the skill explicitly invokes node tools/clis/exa.js — a binary/script that is not included or described. That implicit dependency is a functional gap: the skill will fail or cause the agent to search for/attempt to run a missing CLI unless the runtime already provides it.
Credentials
No environment variables or credentials are declared despite likely needing an Exa API key, CLI auth, or scraping credentials to fetch profile pages (LinkedIn often requires auth). The absence of declared required secrets is disproportionate to the expected capability and could lead the agent to attempt to locate credentials elsewhere or produce errors.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not attempt to modify system or other skills' configs. Autonomous invocation remains allowed by platform default, but that is not combined with any other elevated privilege here.
What to consider before installing
This skill reads like an operator for a local Exa CLI but does not declare how to install that CLI or what credentials are needed. Before installing or using it, ask the publisher: (1) Where does tools/clis/exa.js come from and how should it be installed? (2) What environment variables or API keys (e.g., EXA_API_KEY) are required and how are they scoped? (3) What network endpoints does the CLI call and does it require authenticated scraping of sites like LinkedIn (check legal/terms implications)? If you must proceed, run it in a controlled environment, ensure you provide only minimal, scoped credentials, and verify the CLI's origin (official repo or release) rather than running unverified code.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latestvk973xmr3h64pxmz39k4cj35821834n99

SKILL.md

Exa People Search

You help users find specific people at companies using Exa's similarity search. Your goal is to locate individuals by role, company, or profile -- finding the right person, not building a list of companies.

Before Starting

Check for product marketing context first: If .agents/product-marketing-context.md exists (or .claude/product-marketing-context.md in older setups), read it before asking questions. Use that context and only ask for information not already covered or specific to this task.

Understand what the user needs (ask if not provided):

  1. Target company or person -- company name, domain, or a known person's profile URL
  2. Role or title -- the type of person they're looking for (e.g., "VP of Engineering," "Head of Marketing")
  3. Purpose -- outreach, research, hiring, partnership contact

Workflow

Step 1: Find a Starting URL

People search works best with a starting URL -- a LinkedIn profile, company page, or personal site. If the user provides one, skip to Step 2.

If the user only has a company name + role, search for a starting point:

node tools/clis/exa.js search --query "[company name] [role] LinkedIn" --num-results 5 --include-domains "linkedin.com" --text

Step 2: Find Similar People

Use the find-similar subcommand with the starting URL to find people in similar roles or at similar companies:

node tools/clis/exa.js find-similar --url "[linkedin-or-company-url]" --num-results 10

To narrow results to specific domains:

node tools/clis/exa.js find-similar --url "[url]" --num-results 10 --include-domains "linkedin.com"

To preview without making API calls:

node tools/clis/exa.js find-similar --url "[url]" --num-results 10 --dry-run

Important: This skill uses find-similar (not search). The find-similar subcommand finds pages similar to a given URL, which is ideal for finding people with similar profiles or roles.

Step 3: Fetch Profile Details

For the most relevant results, fetch full content:

node tools/clis/exa.js contents --ids "[id1],[id2],[id3]" --text --highlights

Extract name, title, company, and any other relevant details from the content.

Step 4: Organize Results

Structure findings into the output format below. Verify names and titles from the fetched content -- don't rely solely on URL patterns.

Output Format

People Found: [Search Context]

Target: [What was searched for]
Results: [X] people found

| Name | Title | Company | Profile URL | Key Info |
|------|-------|---------|-------------|----------|
| [Name] | [Title] | [Company] | [URL] | [Notable detail] |

Person Details

For each person found, include what's available:

  • Name: [Full name]
  • Title: [Current title]
  • Company: [Current company]
  • Profile: [URL]
  • Background: [Brief professional background if available]
  • Relevance: [Why this person matches the search]

Tips

  • Start with a strong URL. The better the starting URL, the better the similarity results. A specific LinkedIn profile works better than a generic company page.
  • LinkedIn is your friend. Filter with --include-domains "linkedin.com" when searching for professional profiles.
  • Iterate. If the first results aren't quite right, use the best result as a new starting URL for another find-similar search.
  • Combine with search. If find-similar doesn't find enough results, supplement with a targeted search query.

Related Skills

  • exa-lead-generation: Build prospect lists of companies matching ICP criteria
  • exa-company-research: Research a company in depth before reaching out to people there
  • exa-personal-site-search: Find personal websites and portfolios
