ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clearbit

v1.0.0

Clearbit — person enrichment, company enrichment, prospecting, and reveal (identify website visitors).

0· 410·0 current·0 all-time
by@aiwithabidi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, declared env var (CLEARBIT_API_KEY) and implemented functionality align: the script calls Clearbit endpoints for person/company enrichment, prospecting, reveal, and name-to-domain lookups. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md instructs running the bundled CLI and only documents the CLEARBIT_API_KEY requirement. The implementation will additionally attempt to read a .env file from either the path pointed to by WORKSPACE or ~/.openclaw/workspace/.env to find the key if the env var is not set — this behavior is not documented in SKILL.md but is limited to locating the API key. The script makes direct HTTP requests only to Clearbit (person.clearbit.com).
Install Mechanism
No install spec; code is provided as a single Python stdlib-only script. No downloaded archives or external install actions are present, so nothing extra is written to disk beyond the included files.
Credentials
Only CLEARBIT_API_KEY is required (declared as primaryEnv), which is proportionate. However the script will read the WORKSPACE env var (if present) and will open a .env file under that workspace or ~/.openclaw/workspace/.env to extract the key — access to WORKSPACE and reading a .env file are not declared and may be surprising if that .env contains other secrets.
Persistence & Privilege
always is false, the skill does not request persistent installation or modify other skills/configuration. It performs only transient HTTP requests and exits.
Assessment
This skill is internally consistent for Clearbit lookups and appears safe to use, but review and consider the following before installing: 1) The script will try to read a .env file at WORKSPACE/.env or ~/.openclaw/workspace/.env if CLEARBIT_API_KEY is not set — avoid storing unrelated secrets there or set CLEARBIT_API_KEY directly in the environment. 2) The tool makes network requests to Clearbit endpoints (person.clearbit.com); only provide an API key with appropriate, limited permissions and consider a dedicated key. 3) The skill source is from a third party (agxntsix.ai / author claimed in the README); if you do not trust that source, inspect or run the script in an isolated environment. 4) Error responses are printed to stderr (may contain API error details); if you log outputs, be mindful of sensitive content. Overall the footprint is small and behavior matches its description.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dx377a5qyxwh23jwqp5b1rh81xwxh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔮 Clawdis
EnvCLEARBIT_API_KEY
Primary envCLEARBIT_API_KEY

Comments