Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lead Enrichment
v1.1.0Turn a name into a full dossier in seconds. Feed in a name + company (or email, or LinkedIn URL) and get back a rich profile with social links, bio, company intel, recent activity, and personalized talking points. Aggregates data from multiple public sources — LinkedIn, Twitter, GitHub, company websites, news — so you can skip the manual research and jump straight to personalized outreach. Your agent does the detective work while you close deals. Supports single enrichment, batch processing, and multiple output formats (JSON, Markdown, CRM-ready). Use when researching prospects, preparing for sales calls, personalizing cold outreach, or building lead lists. Pairs perfectly with trawl for autonomous lead gen → enrichment → outreach pipelines.
⭐ 0· 1.3k·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the delivered artifacts: scripts, config, and instructions for scraping public sources and producing CRM-ready outputs. The SKILL.md also declares a dependency on the browser skill (reasonable for web scraping). However, some capabilities (Claude LLM for talking points; premium data sources like Hunter/Clearbit/Apollo) are referenced in the config but not declared as required environment credentials in the registry metadata, which is a mild mismatch.
Instruction Scope
Runtime instructions stay within the stated purpose (load config, search public sources, aggregate profiles, generate talking points). The included scripts are mostly mock/demo implementations but do instruct reading/writing to ~/.config/lead-enrichment and optionally checking ~/.clawdbot/secrets.env for premium API keys. There are no hidden external endpoints in the delivered scripts, but the SKILL.md and config imply web fetch/browser activity and an LLM (Claude) that would perform network access if implemented.
Install Mechanism
No install spec is provided (instruction-only), so no remote code downloads occur during install. The bundle includes local scripts; setup.sh will create ~/.config/lead-enrichment and copy config.example.json there. This is expected for a CLI-style skill and not disproportionate.
Credentials
The registry lists no required env vars, but config.example.json and setup.sh reference premium API keys in ~/.clawdbot/secrets.env (HUNTER_API_KEY, CLEARBIT_API_KEY, APOLLO_API_KEY) and the talking_points feature notes it "requires Claude." Those credentials are optional, but the skill expects them to be present in a home-directory secrets file rather than declaring them as platform-provided env inputs. This is a transparency gap you should understand before enabling premium features.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes its own config/data under ~/.config/lead-enrichment. Writing local config/cache is normal for this type of tool.
What to consider before installing
What to check before installing:
- Inspect ~/.config/lead-enrichment/config.json after running setup; the skill will create that directory and files in your home directory.
- The skill will optionally look for premium API keys in ~/.clawdbot/secrets.env (Hunter, Clearbit, Apollo) and uses an LLM (Claude) for talking points. These credentials are not declared in the registry metadata — only store keys you trust and expect to use. Consider storing them securely (not world-readable).
- The included scripts are mock/demonstration stubs: they do not perform actual scraping, but the SKILL.md implies the real implementation would use a browser/web fetcher and an LLM. If you enable a production implementation, review what network endpoints it calls and whether it respects robots.txt and rate limits.
- Batch mode will read user-provided input files and call the enrich script; be mindful of the data you feed it (PII) and where outputs are stored or exported (exports can be piped to arbitrary webhooks/CRMs).
- If you plan to enable premium sources or automatic CRM posting, test in an isolated environment and audit outbound network calls and logs first.
- If the provenance/source of this skill is unknown, prefer caution: either request a verifiable source or run it locally in a controlled environment before granting any secret keys or enabling automatic/autonomous pipelines.Like a lobster shell, security has layers — review code before you run it.
latestvk97fnbjfygtxtmn1nvc2m9nsgs80yk4s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis