Ironclaw Lead Enrichment

Security checks across malware telemetry and agentic risk

Overview

This lead-enrichment skill is not deceptive, but it can collect inferred personal contact data and bulk-update CRM records without a clear preview or approval step.

Review before installing. Use it only on lead lists you are authorized to enrich, confirm that LinkedIn and website scraping complies with your policies and source terms, require a dry-run preview before database writes, and keep backups or an audit log for rollback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrase is overly broad and could cause the skill to activate for generic CRM bulk-update requests without clear user intent for external enrichment or data collection. In this context, that increases the chance of unintended scraping, inference of personal data, and mass record modification beyond what the user reasonably expected.

Missing User Warnings

High
Confidence: 97%
Finding
The skill explicitly instructs collecting and inferring personal contact data, including business email addresses and LinkedIn-derived profile details, but provides no user-facing warning, consent check, or privacy boundary. This is dangerous because inferred contact data can be inaccurate, privacy-invasive, or non-compliant with internal policy, platform terms, or data protection requirements when gathered at scale.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to write enriched data back into DuckDB records automatically, yet does not require a user-visible confirmation or preview of changes. In a bulk-processing context, this can propagate incorrect or inferred data into CRM systems at scale, creating data integrity, privacy, and operational risks.

VirusTotal

66/66 vendors flagged this skill as clean.
