lead-generating

Warn

Audited by ClawScan on May 10, 2026.

Overview

This looks like a real lead-management skill, but it asks for a powerful Supabase service-role key and exposes CRM data mutation and deletion capabilities that are broader than the main description states and less clearly documented.

Review this carefully before installing. It is not clearly malicious, but only use it if you trust the publisher and can provide a tightly scoped Supabase credential. Confirm that automatic email workflows, deletion behavior, data retention, and access controls match your organization’s privacy and CRM policies.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the skill or its runtime is misused or compromised, the credential could allow broad Supabase database access beyond ordinary lead capture.

Why it was flagged

A Supabase service-role key is a powerful credential. The skill's purpose is scoped lead management, but this instruction asks for full database access rather than a narrowly scoped role.

Skill content

**Important:** Use the Service Role Key, not the Anon Key, for full database access.

Recommendation

Prefer a least-privileged Supabase key, RLS-safe role, or restricted RPC/API layer limited to the required lead and conversation operations. Rotate any service-role key if it was exposed.

What this means

An agent with access to this skill could delete lead records if it invokes this method with a lead ID.

Why it was flagged

The code exposes a destructive lead deletion method. The main SKILL.md actions do not document a delete action or describe user confirmation/rollback expectations.

Skill content

```typescript
async deleteLead(id: string): Promise<{ success: boolean; deleted_id: string }> {
  ...
    .from('leads')
    .delete()
    .eq('id', id)
    .eq('org_id', this.orgId)
```

Recommendation

Document deletion clearly, require explicit user confirmation before deletion, and consider soft-delete or audit logging instead of hard deletion.

What this means

Incorrect or unapproved lead data could trigger emails and updates across multiple connected systems.

Why it was flagged

A single lead-capture action is designed to propagate across Supabase, Make.com, Resend email, and a dashboard. This is disclosed and purpose-aligned, but it increases the impact of mistaken inputs.

Skill content

Clawd Agent → createLead() → Supabase (status: new) ... Make.com Webhook ... Resend Email API ... Supabase Update

Recommendation

Review the Make.com scenario, email templates, consent rules, and monitoring before enabling automatic replies.

What this means

Customer messages, emails, phone numbers, notes, and metadata may be stored and later reused by agents or dashboards.

Why it was flagged

The skill persists and retrieves conversation history and lead information, which may include personal data and untrusted customer-provided text.

Skill content

Retrieve lead details including full conversation history.

Recommendation

Define retention, access control, and privacy rules. Treat stored customer messages as untrusted content, not as instructions for the agent.

What this means

Dependency or provenance issues could affect code that handles sensitive CRM credentials and data.

Why it was flagged

The package uses a ranged dependency version and the registry metadata lists the source as unknown. This is not malicious by itself, but provenance matters more because the skill asks for a service-role database credential.

Skill content

"@supabase/supabase-js": "^2.39.0"

Recommendation

Install only from a trusted publisher, review the exact package contents, and prefer pinned/locked dependency versions for production use.