Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

leadklick

v1.0.0

Automate lead capture in Supabase with Make.com email workflows, manage lead status, conversations, and track auto-reply delivery.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The package, SKILL.md, README, and src/api.ts consistently implement a lead-capture/automation integration (Supabase + Make.com). That purpose aligns with the code and declared capabilities. However, the top-level registry metadata showed no required env vars or primary credential while skill.json and README explicitly require a Supabase service-role key and orgId — an inconsistency between the registry listing and the skill's own manifest/docs.
Instruction Scope
Runtime instructions (SKILL.md) and the code stay within the described lead-management scope: create/list/get leads, add conversations, update status, and check automation status. The skill triggers external automation (Make.com / Resend) as part of its flow, which is expected given the stated purpose. The SKILL.md does instruct use of the Supabase Service Role Key for full DB access; it does not instruct reading unrelated files or exfiltrating unrelated data.
Install Mechanism
There is no install script in the registry (instruction-only install), and no arbitrary download URLs. The package.json lists a dependency on @supabase/supabase-js which is expected. Overall install risk is low to moderate (normal npm dependency fetch) — nothing like a remote extract from an untrusted URL.
Credentials
The skill requires a Supabase Service Role Key (skill.json and README) which grants broad admin-level access to the database (bypasses RLS). For an agent-run skill, that is a high-privilege secret. While the skill's operations (insert/delete/update leads) technically need DB write permissions, best practice is least-privilege keys or function-based endpoints. Additionally, the registry-level metadata omitted these required credentials, which is an important mismatch and a red flag for accidental mis-declaration or deliberate omission.
Persistence & Privilege
The skill does not request always:true and does not modify other skills; autonomous invocation is allowed (platform default). Autonomous invocation combined with possession of a Supabase service role key increases potential blast radius — the skill could perform wide-ranging DB changes when invoked by the agent. This is not inherently malicious but is an important operational risk to consider.
What to consider before installing

This skill appears to implement the advertised lead-capture functionality, but it asks you to provide a Supabase Service Role Key, a powerful credential that bypasses row-level security. Before installing:

1) Confirm the registry listing (the skill.json/README require secrets even though the top-level metadata omitted them).
2) Prefer giving a least-privilege API key or a dedicated service account with only the required insert/update/select/delete permissions (or an HTTP proxy endpoint) rather than your full Service Role Key.
3) Review and enforce RLS policies on the Supabase project, and audit logs for actions taken by the skill.
4) Verify the external automation endpoints (Make.com / Resend) you'll wire into the workflow and ensure they are trustworthy.
5) If you cannot restrict the Supabase key, do not provide it to untrusted or third-party skills.

If you want to be safer, request that the author support scoped keys or an intermediary service that limits operations to only the tables/actions the agent needs.
