Is andrewchen-oss/nuwa-world-osint-human-research safe?

https://github.com/openclaw/skills/tree/main/skills/andrewchen-oss/nuwa-world-osint-human-research

87
SAFE

This skill provides legitimate API documentation for Nuwa World's OSINT services including face search and deep research capabilities. While the functionality raises privacy concerns due to external data transmission and face recognition features, the skill itself contains only documentation with no malicious code or hidden functionality.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 85/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (4)

MEDIUM Face Image Upload to External Service -15

The skill enables uploading face images to gateway.nuwa.world for search purposes, which could raise privacy concerns if sensitive images are processed.

MEDIUM User Queries Sent to Third-Party API -10

Deep research queries containing potentially sensitive information are transmitted to an external service.

LOW Sensitive File Access During Installation -15

During installation, honeypot files (.env, SSH keys, AWS credentials) were accessed by system processes, not by the skill itself.

MEDIUM OSINT Functionality Privacy Implications -30

The skill's stated purpose of face search and human research could be misused for stalking, harassment, or unauthorized surveillance.