
Security audit

Cashclaw Lead Generator

Security checks across malware telemetry and agentic risk

Overview

This lead-generation skill should be reviewed because it scrapes and exports business contact data for outreach and can label unsourced contacts as decision makers.

Install only if you intend to run business lead research and can comply with privacy, platform, and outreach laws. Treat exported lead files as sensitive, verify every contact and source before outreach, avoid personal emails or prohibited scraping, and do not rely on placeholder contact names or titles as real people.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill instructs use of networked tooling and external research/scraping behavior but does not declare corresponding permissions. Undeclared network capability weakens transparency and policy enforcement, making it easier for the skill to access external systems or transmit collected data without clear user awareness.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The skill claims lead generation and verification, but its behavior includes generating guessed email addresses and performing MX/DNS checks that are not clearly disclosed in the high-level description. This expands the operational scope into active contact data inference and external validation, increasing privacy, compliance, and misuse risk because users may not realize the skill is synthesizing personal business contact data rather than only collecting publicly listed information.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The script fabricates contact identity fields by hardcoding generic values like "Contact" and "Decision Maker" while presenting the output as qualified leads with contact information. This can mislead downstream users or agents into treating invented PII-like records as researched business contacts, causing deceptive outreach, bad decisions, and compliance or reputational issues.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill is designed to collect, score, and deliver named contacts, business emails, phone numbers, and LinkedIn profiles, yet it lacks a clear user-facing privacy warning at the point where this data handling is described. Even though later ethical guidelines mention GDPR and data minimization, the skill still facilitates aggregation of personal data for outreach, which creates privacy and regulatory risk if users are not explicitly warned and constrained.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The script systematically collects and exports emails, phone numbers, and LinkedIn URLs from websites without any warning, consent guidance, or privacy-handling controls. In the context of a lead-generation skill, this increases the risk of inappropriate personal-data harvesting, downstream misuse for spam or profiling, and regulatory noncompliance.

VirusTotal

57/57 vendors flagged this skill as clean.
