leadklick

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: leadklick
Version: 1.0.0

The skill requires a Supabase Service Role Key, which grants broad read/write permissions to the entire Supabase project, as explicitly stated in `SKILL.md` and `README.md`. While the skill's TypeScript code (`src/api.ts`) appears to use this key only for its stated purpose of managing leads within specific tables, the underlying credential itself represents a high-risk, broad permission. This aligns with the 'suspicious' classification threshold for risky capabilities without clear malicious intent, specifically 'broad permissions'.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing this with a service-role key could give the skill broad access to your Supabase database, not just the specific lead records you intended.

Why it was flagged

The skill explicitly asks for a Supabase service-role key with full database access. That credential is more powerful than a narrowly scoped lead-capture token and would be high impact if the agent or skill is misused.

Skill content

"supabaseKey": "eyJ...your-service-role-key" ... "Use the Service Role Key, not the Anon Key, for full database access."

Recommendation

Use a dedicated least-privilege key or backend wrapper limited to the needed tables and organization, and rotate the service-role key if it is exposed.

What this means

An agent or user could delete business lead records by ID, potentially removing CRM data unexpectedly.

Why it was flagged

The code exposes a destructive delete operation for lead records. It is org-scoped, but there is no shown confirmation, soft-delete, or recovery guard, and this action is not described in SKILL.md's documented action list.

Skill content

async deleteLead(id: string): Promise<{ success: boolean; deleted_id: string }> {
  ...
  .from('leads')
  .delete()
  .eq('id', id)
  .eq('org_id', this.orgId)

Recommendation

Require explicit user confirmation for deletion, prefer soft-delete/archive, and document the delete action clearly in the user-facing skill instructions.

What this means

Incorrect lead creation could trigger unintended auto-reply emails or downstream automation.

Why it was flagged

A single createLead call can propagate into Make.com automation and outbound email delivery. This is disclosed and central to the skill, but it can affect external contacts if invoked incorrectly.

Skill content

Create a new lead and automatically trigger the automation workflow ... "Auto-reply will be sent within 60 seconds."

Recommendation

Only call createLead for confirmed leads, and consider adding a human approval step before workflows send external emails.

What this means

Customer emails, phone numbers, notes, and conversation history may be stored and later retrieved by the agent.

Why it was flagged

The skill persistently stores customer contact details and conversation content. This is expected for a CRM skill, but it creates a sensitive data store that needs retention and access controls.

Skill content

Retrieve lead details including full conversation history ... Leads table: id, email, name, phone ... Conversations table: ... content, subject

Recommendation

Limit what personal data is saved, configure Supabase access controls carefully, and define a retention/deletion policy for lead and conversation data.

What this means

Following the README literally could point users at a differently named package or make it harder to confirm they installed the reviewed artifact.

Why it was flagged

The README install command and package name use lead-inbox-automator, while the evaluated registry skill is named leadklick. This naming mismatch may be benign, but users should verify provenance before installing.

Skill content

npx clawdhub@latest install lead-inbox-automator

Recommendation

Use the registry-provided install path for this exact skill and ask the publisher to align the slug, package name, and documentation.