AfrexAI Lead Hunter Pro
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: afrexai-lead-hunter Version: 1.0.0 The OpenClaw AgentSkills bundle 'afrexai-lead-hunter' is classified as benign. The `SKILL.md` and `README.md` files provide detailed instructions for an AI agent to perform B2B lead generation, enrichment, scoring, and outreach. While this process involves capabilities like web scraping, email sending, and LinkedIn interactions (which could be misused if the underlying agent platform is vulnerable), the instructions themselves are entirely aligned with the stated purpose. There is no evidence of intentional malicious behavior such as data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's core directives. External links provided are for marketing and additional resources, not for downloading and executing arbitrary code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could contact prospects or alter sales workflows in ways that affect reputation, compliance, or business relationships if connected to email, LinkedIn, or CRM tools.
This asks the agent to take external sales-outreach actions based on automated scoring, but the artifacts do not specify approval gates, volume limits, compliance checks, or review before messages are sent.
Deploy outreach sequences based on tier assignment
Require explicit user approval before sending any outreach or writing to a CRM, and set clear limits for recipients, daily volume, allowed channels, and compliance requirements.
A scheduled agent could keep discovering, enriching, scoring, and possibly contacting leads without the user noticing each action.
The skill explicitly promotes recurring autonomous routines, which can continue operating after the initial setup if placed into a scheduler.
Autopilot mode — Daily and weekly routines your agent runs without human intervention
Do not run this in cron/autopilot until the workflow has stop conditions, logs, review checkpoints, and a simple way to disable scheduled runs.
Messages or CRM changes may appear to come from the user or their organization, so account permissions matter.
The outreach features are purpose-aligned, but they may use the user's business identity or connected email, LinkedIn, or CRM accounts if those tools are available to the agent.
Outreach sequences — Battle-tested email templates for cold, warm, and LinkedIn campaigns
Use a dedicated sales account or sandbox CRM where possible, and restrict the agent to least-privilege permissions.
Stored prospect data or web-derived enrichment may be inaccurate, sensitive, or reused in later outreach decisions.
The skill's architecture includes collecting contact details and storing lead/pipeline records for later use, which is expected for lead generation but should be handled carefully.
Email+Phone ... CRM ... Pipeline
Keep lead records scoped to the intended campaign, verify important facts before outreach, and define retention/deletion rules for collected contact data.