People Investigation

Security checks across malware telemetry and agentic risk

Overview

This people-search skill is openly investigative, but it also tells the agent to mine private local contacts, payments, calls, messages, and memory while building detailed dossiers.

Treat this as a high-scope Review item. Install only if you intentionally want a people-investigation tool and can restrict it: disable or remove searches of Google Takeout, Google Pay, call logs, messages, and memory unless you give explicit per-run consent; avoid SSNs, driver's license numbers, and exact home/contact details; confirm a lawful, non-harassing purpose before use; and review any generated dossier carefully before sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes shell-style commands such as grep against local directories but declares no corresponding permissions or boundaries. Undeclared local code execution and filesystem access are dangerous because they can silently expand the skill from public OSINT into internal data mining without user awareness or platform enforcement.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
These instructions explicitly direct the agent to inspect private internal sources such as Google Takeout, payment history, call logs, memory files, and message archives, which are unrelated to a public-records investigator skill. This creates a direct path to exfiltrate highly sensitive personal data about both the target and the user from internal stores under the pretext of OSINT.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest presents the skill as public-records and web OSINT research, but the body instructs collection from local archives and private communications. This mismatch is dangerous because it disguises invasive internal surveillance behind a benign description, defeating user expectations and policy-based review.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
This script enables lookup of a person's political donation history, which is highly sensitive personal information that can be used for profiling, coercion, or discrimination. In the context of a broad people-investigation skill, this expands the skill into political-affiliation intelligence gathering without clear necessity, increasing privacy and misuse risk.

Vague Triggers

High
Confidence
90% confidence
Finding
The invocation language is extremely broad, encouraging use for 'find everything' and generalized investigations of any person. In the context of a skill that also accesses sensitive data and assembles dossiers, that breadth materially increases the risk of misuse for stalking, harassment, doxxing, or non-consensual profiling.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill tells the agent to search sensitive internal personal data sources but provides no clear warning or informed-consent mechanism to the user. Hidden access to contacts, calls, payments, and messages is especially dangerous because users would reasonably believe this is a public OSINT tool, not a private archive-mining workflow.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
These references point to inmate-search and sex-offender databases, which involve highly sensitive personal data, but the file presents them as straightforward lookup resources without any privacy, legal-use, or misuse constraints. In a people-investigation skill, this materially increases the risk of doxxing, harassment, discrimination, or other abusive targeting because the skill is explicitly designed to gather information about individuals.

Missing User Warnings

High
Confidence
98% confidence
Finding
The note explicitly states that a driving-record lookup requires a driver's license number or full SSN, but gives no warning that these are highly sensitive identifiers subject to strict handling and legal restrictions. In the context of a personal-investigation skill, this can facilitate identity misuse, unauthorized record access, and collection of regulated personal data, making the risk substantially more severe than a generic reference mention.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This file is a curated people-search and OSINT playbook that explicitly directs collection of sensitive personal data such as addresses, phone numbers, relatives, court records, property history, social media profiles, and contact details, but provides no privacy, legal, consent, or use-limitation guardrails. In the context of a 'personal investigator / people lookup' skill, that omission materially increases the risk of stalking, doxxing, harassment, and other privacy-invasive misuse because the resource list operationalizes how to find and correlate real-world personal information.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends a target person's name and optional state to an external FEC API, disclosing a sensitive investigative query to a third party without consent flow, warning, or minimization. Even though the API is public-facing, the transmission can create privacy, audit, and misuse concerns because it operationalizes political profiling on named individuals.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script builds and prints direct links to people-search and public-record aggregation services using a target's name and optional city/state, enabling streamlined collection of personal data without any privacy, legal-use, or consent guardrails. In the context of a 'personal investigator / people lookup' skill, this materially increases the risk of doxxing, stalking, harassment, or other privacy-invasive misuse, even though the script itself does not exploit a technical flaw.

Ssd 3

High
Confidence
99% confidence
Finding
The instructions direct the agent to collect identity anchors and sensitive personal details from internal user data sources, then use them to enrich an investigation dossier. This is dangerous because it operationalizes aggregation of deeply sensitive PII from private archives into a single report, increasing both privacy harm and abuse potential.

Ssd 3

High
Confidence
98% confidence
Finding
The report template explicitly requests phone numbers, email addresses, full addresses, family members, children, financial indicators, and legal history in a consolidated dossier. Even when some elements may be publicly obtainable, packaging them together substantially raises the risk of doxxing, stalking, targeted fraud, and other downstream privacy harms.

VirusTotal

65/65 vendors flagged this skill as clean.
