v1.0.0

Ironclaw Lead Enrichment

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:48 AM.

Analysis

The skill is coherently designed for lead enrichment, but it should be reviewed because it can bulk collect personal lead data and update CRM records without a clear confirmation, rollback, or retention boundary.

Guidance: Review before installing or using this skill. It is not clearly malicious, but it can gather personal contact information from public sources, infer email addresses, and write bulk changes into CRM data. Use it only with a defined record scope, preview proposed changes first, avoid auto-writing low-confidence guesses, and ensure checkpoints and enriched data are stored and deleted according to your privacy requirements.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
For enriching many records at once: ... Query all incomplete records from DuckDB ... Process in batches of 10-20 records ... UPDATE v_leads SET "Email" = ?, "LinkedIn URL" = ?, ...

This directs the agent to perform bulk database mutation of CRM records. The artifacts include quality rules, but do not require user review or a rollback mechanism before committing bulk enriched or inferred values.

User impact: Incorrect or low-confidence enrichment could be written across many CRM records, affecting sales workflows and later outreach.
Recommendation: Require an explicit user-selected scope, show a preview/diff of proposed changes, commit only after confirmation, and keep a reversible audit log or backup.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
LinkedIn (via linkedin-scraper skill) ... Web Search (via web_search tool) ... Company Website (via web_fetch)

The instruction-only skill depends on other tools or skills for its core data sources. Those components are not part of this artifact set, so their provenance and permissions should be checked separately.

User impact: The safety of enrichment depends partly on external tools that may have their own data handling or scraping behavior.
Recommendation: Review and approve the linked scraper and web tools separately, especially any authentication, scraping, or storage permissions they require.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Works with DuckDB workspace entries ... Query the target object ... FROM v_leads ... UPDATE v_leads SET

The skill assumes read/write access to workspace CRM data. This is expected for enrichment, but it is still delegated authority over business records.

User impact: Installing or invoking the skill in the wrong workspace could expose or alter CRM data the user did not intend to enrich.
Recommendation: Confirm the workspace, table/view, and record set before use, and ensure the agent only has access to the CRM data needed for the task.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
Save checkpoint after each batch ... | Email address | Email | ... | LinkedIn URL | ... | Education | Education | ... | Phone | Phone |

The skill persists batches of enriched personal contact data, including emails, LinkedIn URLs, education, and phone numbers, but does not specify retention, storage boundaries, or cleanup expectations.

User impact: Personal lead data may be stored or reused beyond the immediate task if checkpoints or enriched records are not managed carefully.
Recommendation: Define where checkpoints are stored, how long they are retained, who can access them, and how users can delete or review persisted enrichment data.