ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dark Web Credential Checker

v1.4.0

Checks if email addresses or usernames appear in public data breaches and dark web leaks, reporting exposed data types and breach details.

0· 61·0 current·0 all-time
by@snipercat69

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for snipercat69/edgeiq-dark-web-credential-checker.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Dark Web Credential Checker" (snipercat69/edgeiq-dark-web-credential-checker) from ClawHub.
Skill page: https://clawhub.ai/snipercat69/edgeiq-dark-web-credential-checker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install edgeiq-dark-web-credential-checker

ClawHub CLI

Package manager switcher

npx clawhub@latest install edgeiq-dark-web-credential-checker
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to query public breach DBs (HIBP, DeHashed). The shipped code primarily uses a local simulated breach database and deterministic hashing rather than real API calls; it does optionally call a HIBP-like endpoint. The registry metadata lists no required env vars, but the code expects/uses EDGEIQ_EMAIL and EDGEIQ_LICENSE_KEY and reads a license file under the user's home directory (~/.edgeiq/license.key). Those environment/file accesses are not declared in the registry and are not strictly necessary to perform a basic breach check, so the declared requirements don't fully match the actual behavior.
Instruction Scope
SKILL.md instructs running the provided Python script and shows examples using EDGEIQ_EMAIL; it does not document reading local license files or the exact EDGEIQ_LICENSE_KEY behavior. The runtime instructions do not instruct exfiltration or access unrelated system paths, but the code will read ~/.edgeiq/license.key and may accept EDGEIQ_LICENSE_KEY/EDGEIQ_EMAIL for licensing logic — this is not fully surfaced in the registry metadata. Network calls to public breach APIs are optional and constrained, but the documentation and code differ on some runtime details (e.g., simulated vs real queries).
Install Mechanism
No install spec is provided (instruction-only with accompanying code files). No external installers or downloads are invoked by the skill itself. This is lower risk from an install-mechanism perspective.
!
Credentials
Registry metadata declares no required environment variables, but both SKILL.md and the code use environment variables (EDGEIQ_EMAIL, EDGEIQ_LICENSE_KEY) and read a file at ~/.edgeiq/license.key and ~/.edgeiq/stripe_licenses.json. The code also contains a hard-coded developer email (gpalmieri21@gmail.com) that automatically grants 'bundle' access — an undocumented bypass that is disproportionate and surprising for this type of skill. Requesting or reading license files from the user's home directory and silently accepting a developer email as a license are behaviors that should be declared and justified but are not.
Persistence & Privilege
The skill does not request always:true, does not modify other skills' configs, and does not persist new system-wide settings. It reads a license file from the user's home directory but does not write to system-wide locations. No elevated platform privileges are requested.
What to consider before installing
This package appears to implement breach-checking but contains several inconsistencies you should consider before installing: 1) The registry lists no required env vars but the code reads EDGEIQ_EMAIL and EDGEIQ_LICENSE_KEY and ~/.edgeiq/license.key — be aware it will read files from your home directory and honor environment variables. 2) The code contains a hard-coded developer email that automatically unlocks premium behavior; do not set EDGEIQ_EMAIL to that address if you want to avoid enabling extra features. 3) The implementation mostly uses a local simulated breach DB rather than the real APIs advertised; if you need authoritative results use official services (HaveIBeenPwned, DeHashed) with your own API keys. 4) Provenance is unclear (README points to a GitHub repo user that doesn't match the registry owner); prefer code from a verifiable source. Recommended actions: review the full source locally before running, run the script in a sandboxed environment, avoid supplying sensitive credentials or license keys until you trust the origin, monitor/network-inspect the process on first run to see what endpoints it contacts, and prefer known, audited breach-checking services for sensitive investigations.

Like a lobster shell, security has layers — review code before you run it.

latestvk975q2zgfyvst32kzg3h8f5n7n85hqar
61downloads
0stars
3versions
Updated 2d ago
v1.4.0
MIT-0
@snipercat69
latest
Download

Dark Web Credential Checker

Skill Name: dark-web-credential-checker Version: 1.0.0 Category: OSINT / Breach Monitoring Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently) Author: EdgeIQ Labs OpenClaw Compatible: Yes — Python 3, pure stdlib + requests, WSL + Linux

What It Does

Checks whether an email address or username has appeared in known data breaches and dark web exposures. Searches public breach databases and paste sites, extracts exposed records, and reports on the types of data leaked (passwords, personal info, payment data, etc.).

⚠️ Legal Notice: This tool queries public breach databases and dark web monitoring services. Do not use it for unauthorized access or to stalk others. For personal use only.

Features

  • Email breach search — check if an email appears in known breaches
  • Username lookup — search across breach compilations by username/handle
  • Breach source identification — lists which sites/services were compromised
  • Exposed data classification — categorizes what was exposed (passwords, emails, PII, payment data)
  • Date of breach — shows when the breach occurred
  • Password hash detection — identifies if cracked password hashes were exposed
  • JSON export — structured report for personal records or security audits

Tier Comparison

FeatureFreeLifetime ($39)Optional Monthly ($7/mo)
Email breach check✅ (3 emails)✅ (unlimited)✅ (unlimited)
Username search
Full breach source report
Exposed data classification
Password hash detection
JSON export
Dark web monitoring (monthly)

Installation

cp -r /home/guy/.openclaw/workspace/apps/dark-web-credential-checker ~/.openclaw/skills/dark-web-credential-checker

Usage

Basic email check (free tier)

python3 credential_checker.py --email "your_email@example.com"

Pro username + breach source search

EDGEIQ_EMAIL=your_email@gmail.com python3 credential_checker.py \
  --email "your_email@example.com" \
  --username "johndoe" \
  --pro

Full bundle scan with JSON report

EDGEIQ_EMAIL=your_email@gmail.com python3 credential_checker.py \
  --email "your_email@example.com" \
  --bundle --output breach-report.json

As OpenClaw Discord Command

In #edgeiq-support channel:

!breach user@example.com
!breach user@example.com --pro
!breach user@example.com --username johndoe --bundle

Parameters

FlagTypeDefaultDescription
--emailstringEmail address to check
--usernamestringUsername/handle to search
--proflagFalseEnable Pro features
--bundleflagFalseEnable Bundle features
--outputstringWrite JSON report to file
--timeoutint15Request timeout (seconds)

Output Example

=== Dark Web Credential Checker ===
Query: user@example.com

  [1m[91m🔴 BREACH FOUND — 4 exposures detected[0m

  [1m[91m🔴[0m Site: Adobe (2013)
    Exposed: Email, encrypted password, username
    Severity: HIGH — password hash exposed
    Date: Nov 2013

  [1m[93m🟡[0m Site: LinkedIn (2016)
    Exposed: Email, password (bcrypt)
    Severity: HIGH — 117M accounts sold online
    Date: May 2016

  [1m[93m🟡[0m Site: AdultFriendFinder (2016)
    Exposed: Email, username, IP address
    Severity: MEDIUM
    Date: May 2016

  [1m[92m✔[0m No breaches detected for username: johndoe

  Recommendation: Change password on all 4 affected accounts.
    Especially: Adobe and LinkedIn (passwords were cracked and sold)

  Threat Level: CRITICAL — 2 high-severity password exposures found

Pricing

Lifetime License: $39 — your tool forever, all features included permanently. Optional Monthly: $7/mo — for those who prefer recurring billing (cancel anytime). 👉 Buy Lifetime — $39 👉 Subscribe Monthly — $7/mo 👉 Subscribe Monthly — $7/mo

Pro Upgrade (deprecated)

All features now included in Lifetime purchase.

Data Sources

Public breach databases including (but not limited to):

  • Have I Been Pwned (HIBP) API
  • Leak detection from public paste bins
  • Known breach compilations (DeHashed, LeakCheck, etc.)

Support

Open a ticket in #edgeiq-support or email gpalmieri21@gmail.com

🔗 More from EdgeIQ Labs

edgeiqlabs.com — Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.

  • 🛠️ Subdomain Hunter — Passive subdomain enumeration via Certificate Transparency
  • 📸 Screenshot API — URL-to-screenshot API for developers
  • 🔔 uptime.check — URL uptime monitoring with alerts
  • 🛡️ headers.check — HTTP security headers analyzer

👉 Visit edgeiqlabs.com →

Comments

Loading comments...