Beta Lead Scoring
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to be a simple local CSV lead-scoring script with no network or credential access, but its documentation overstates the included ML/SHAP functionality and leaves dependency setup unclear.
This looks safe to run locally on a copy of a lead CSV, but do not assume it is a real LightGBM/SHAP model. Review the simple scoring formula, install dependencies from trusted sources if needed, and choose the output path carefully to avoid overwriting files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user might rely on the output as AI/SHAP-based lead prioritization even though the included code uses a simple deterministic scoring formula.
The code comment below shows that the implementation is not actually the LightGBM + SHAP model advertised in SKILL.md, so users should not over-trust the scores as the output of a trained ML explanation system.
# Simple rule-based scoring (placeholder for real ML model)
# In production: use trained LightGBM model
Treat this as a demo or placeholder unless a real trained model and SHAP implementation are added and reviewed.
The skill may fail until dependencies are installed, and users must choose trusted package sources themselves.
The skill mentions Python package requirements, but the registry requirements only declare python3 and there is no install spec, so dependency setup is manual and not pinned by the artifact.
MIT-0 License | Requires: python3, lightgbm, shap, pandas
Install any needed Python packages from trusted sources, preferably in a virtual environment, and consider adding a pinned requirements file.
