People Investigation
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill can build detailed profiles of people and tells the agent to search private contacts, payments, calls, messages, and memory without clear consent or scope limits.
Install only if you intentionally want a privacy-invasive people-investigation workflow and can enforce strict limits. Prefer public-record-only use, avoid targets who have not consented unless you have a lawful reason, deny access to Google Takeout, payment, call, SMS/WhatsApp, and memory data unless absolutely necessary, and review every report for sensitive details before sharing.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could produce a doxxing-style dossier with addresses, relatives, contact details, legal records, and social profiles about someone, including people who have not consented.
The skill gives the agent an open-ended mandate to use investigation tools to assemble sensitive personal information about any target, without consent, purpose, or stopping limits.
Deep background research on any person ... contact details ... Also use for "find everything about [person]", "background check", "dig up info on"
Require an explicit legitimate purpose, narrow target scope, and user confirmation before using sensitive sources; avoid collecting or returning contact details, family links, DOBs, or addresses unless clearly necessary and authorized.
Installing or invoking the skill could lead the agent to search and expose the user's private histories and communications while investigating someone else.
These are private account exports, payment records, call logs, memory, and communications, not ordinary public-record sources; the metadata declares no config paths or credential/capability boundaries for this access.
Before searching externally, check internal data sources ... Google Contacts/Takeout ... Google Pay transactions ... Call history ... Memory files ... WhatsApp/SMS history
Do not grant access to private archives by default. Require per-source approval, restrict paths to user-selected files, and clearly disclose any private account or message data used in the report.
The helper may fail if tools like curl or jq are unavailable, and running it will query external public-record services.
The helper scripts use local shell tools and outbound network requests, while the registry requirements list no required binaries. The scripts are visible and purpose-aligned, but the dependency contract is incomplete.
RESPONSE=$(curl -s "$URL") ... jq -r '.pagination.count // 0'
Review scripts before running them and declare expected helper dependencies and network behavior in the skill metadata.
Old, private, inaccurate, or task-irrelevant memory entries could be blended into a people-search report and expose sensitive personal data.
The skill treats persistent memory as an investigation source for highly sensitive personal identifiers, without retention, verification, or reuse boundaries.
Memory files — `memory_search` for the person's name ... Collect all identity anchors: full legal name, middle name/initial, DOB, phone numbers, email addresses, physical addresses
Use memory only with explicit approval, separate memory-derived claims from verified public records, and avoid storing or reusing sensitive PII across tasks.
A user may believe the skill only searches public websites while it also searches private records and communications available in the local environment.
The 'publicly available' framing conflicts with later instructions to search private local and account-derived data, which could make users underestimate what sources the agent will access.
find everything publicly available about a target person ... Before searching externally, check internal data sources ... Google Pay transactions ... Call history ... WhatsApp/SMS history
Make the default mode public-records-only, clearly label any private-source mode, and ask for explicit confirmation before accessing private archives or account exports.
