Billionverify Skill
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill is a transparent BillionVerify API helper, but users should notice that it uses an API key, can upload email lists to an external service, and can manage webhooks.
Install this only if you intend to use BillionVerify. Keep the API key private, confirm before uploading contact lists or consuming credits, and double-check webhook URLs or delete actions because they affect your BillionVerify account.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could perform BillionVerify API actions such as uploading files, downloading results, or deleting a webhook when the user requests those operations.
The skill uses Bash/curl to call raw API endpoints, including account-mutating webhook deletion. This is disclosed and aligned with the stated webhook-management feature.
allowed-tools: Bash ... curl -X DELETE "https://api.billionverify.com/v1/webhooks/{webhook_id}"Review and confirm bulk uploads, downloads, and create/delete webhook actions before allowing the agent to run the shown curl commands.
Anyone or any agent using the key can make API calls against the associated BillionVerify account within that key’s permissions.
The skill requires a BillionVerify API key, which grants account access and may consume verification credits. This credential use is expected for the integration.
API key must be set in environment variable `BILLIONVERIFY_API_KEY` ... All requests require an API key header
Store the API key securely, use the least-privileged key available, and rotate it if it is exposed.
Users have less registry-level provenance context for the skill, though there is no reviewed code payload showing hidden installation behavior.
The registry provides limited provenance metadata. However, the supplied artifact set contains only instruction files and no executable install payload.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify that the skill source and BillionVerify API documentation are the ones you intend to trust before installing.
Email addresses or contact-list files may leave the local environment and be processed by BillionVerify; verification results may also be downloaded or sent through configured webhooks.
The skill can transmit local email lists or contact files to the external BillionVerify API for processing. This is central to the stated bulk-verification purpose.
Upload CSV, Excel (.xlsx/.xls), or TXT files (max 20MB, 100,000 emails) ... -F "file=@/path/to/emails.csv"
Only upload files you are allowed to share with BillionVerify, confirm the selected file path, and verify webhook URLs before creating them.