optional-skills/security/unbroker/README.md
An agent-native skill that finds a consenting person's exposed personal information across data brokers and people-search sites and removes it. It runs automatically wherever it can, and hands off to a human only where a site demands a CAPTCHA it cannot clear, a government ID, a phone call, or a fax.
<p align="center"> </p>Hundreds of data brokers publish people's names, current and prior addresses, phone numbers, emails, relatives, and property records. That exposure fuels doxxing, stalking, harassment, and identity theft. Removing the data is the documented antidote, but it is high-volume work, full of dark patterns, and perishable (brokers re-list you). Commercial services such as EasyOptOuts, Incogni, and DeleteMe solve this for a fee, but they are closed, and you hand a company you know nothing about the exact data you are trying to erase.
unbroker brings those core capabilities together (EasyOptOuts' automation breadth, Incogni's legal-request engine, DeleteMe's verification and reporting) as a transparent, auditable, self-hosted skill that the user's own agent runs. It is multi-tenant (manage yourself, family, or clients, each isolated), consent-gated, and built for maximum automation with a human fallback. Scope is US-first, with EU/UK (GDPR) and global coverage on the roadmap.
The design is Hermes-native: a small deterministic Python CLI (scripts/pdd.py) owns the state
(config, dossiers, broker DB, tier planning, ledger, drafts, reports), while the agent does the
scanning and submitting with native tools (web_extract, browser_*, email, cronjob,
delegate_task). SKILL.md is the authoritative reference.
hermes skills install official/security/unbroker
Then start a new Hermes session and drive it (below). The skill works zero-config; a few optional
env vars unlock more automation (all documented in SKILL.md under Prerequisites):
BROWSERBASE_API_KEY: the recommended default browser. A real residential-IP cloud browser that
clears soft/managed CAPTCHAs (Turnstile, hCaptcha/reCAPTCHA checkbox) as normal operation, so
those brokers stay automated. It is not a solver and does not defeat hard challenges.pdd.py setup --email-mode browser, no stored
password; the agent sends opt-outs and opens verification links through your logged-in webmail),
or EMAIL_ADDRESS + EMAIL_PASSWORD for SMTP send + IMAP verification. Without either, it
falls back to writing drafts for you to send.age binary: at-rest encryption of dossiers and ledgers.google-workspace skill: a shared Google Sheets status tracker.Drive it from a Hermes session:
"Use the unbroker skill to remove my data from data brokers. Here is my consent. Run it hands-off and show me the human-task digest at the end."
The agent configures itself (setup --auto selects programmatic email if EMAIL_* creds exist, the
cloud browser if available, and encryption if age is installed), records your consent, then drains
the autonomous queue: scan, opt out (parents first), send and verify emails, schedule re-checks. You
hear from it twice: at intake, and with one digest of anything only a human can do.
The underlying CLI (run via terminal, as python3 scripts/pdd.py <cmd>):
| Command | Purpose |
|---|---|
pdd.py setup --auto / doctor | Self-configure (most-autonomous valid config) and readiness check |
pdd.py intake | Create a consenting subject (captures aliases, multiple emails/phones, prior addresses) |
pdd.py next | The loop driver: ordered agent actions right now, the human digest, and the next wake time |
pdd.py brokers / refresh-brokers | List people-search brokers, or pull the latest BADBOOL list plus the CA registry |
pdd.py registry | State data-broker registry coverage (CA ~545 ingested; VT/OR/TX portals); --search to find one |
pdd.py drop | The CA DROP one-shot: delete from all registered brokers in a single request |
pdd.py plan | Per-broker tier, method, search vectors, and the exact fields to disclose |
pdd.py fanout | Batch brokers into parallel delegate_task subagents |
pdd.py record | Update the ledger (validated state machine); auto-stamps recheck dates |
pdd.py send-email | Render and send an opt-out / CCPA / GDPR request (recipient locked to the broker's own address) |
pdd.py poll-verification / verify-link | Resolve email-verification links (IMAP poll, or browser-mode from pasted text) |
pdd.py render-email | Draft-only fallback (least-disclosure) |
pdd.py due / tasks | Recheck queue for cron, and the consolidated human-task digest |
pdd.py status / report | Per-subject status, plus optional Google Sheets rows |
pdd.py next): scan, opt out parents-first, send and verify emails,
re-check on schedule, all without pausing to ask. Human-only work (gov-ID sites, phone callbacks,
hard-CAPTCHA sites) accumulates silently into a single end-of-run digest (pdd.py tasks).pdd.py next surfaces it as the highest-leverage action.age at-rest
encryption of dossiers, and everything local. The skill ships placeholder data only.85 hermetic tests (no network, browser, or email; SMTP and IMAP are exercised through injected fakes):
scripts/run_tests.sh tests/skills/test_unbroker_skill.py # CI-parity harness
python3 tests/skills/test_unbroker_skill.py # dependency-free fallback runner
0600, optionally
age-encrypted), with opaque ids.v1.0. The deterministic engine, the autonomous loop, the verified cluster-parent deletion lanes, and full broker-registry coverage (the CA Data Broker Registry plus the DROP one-shot) are built and covered by 85 hermetic tests. The skill ships placeholder data only. Live agent-driven submission against broker sites is the active field-testing frontier.
This is not legal advice. Only operate on people who have authorized removal of their own data. Removing data from brokers reduces exposure but does not guarantee total erasure. Public records (voter, property, court) and offline vectors are out of scope.