Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
lfg
v1.0.0
Run B2B lead research with lgf (Lead Gen Factory). Use when asked to find leads, prospect companies, research ICPs, find decision makers, or generate a lead...
⭐ 0 · 226 · 0 current · 0 all-time
by Jordi Catafal (@catafal)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill claims to run B2B lead research but the package metadata lists no required binaries or env vars while SKILL.md clearly expects a local 'lgf' CLI and two API keys (TAVILY_API_KEY and OPENROUTER_API_KEY). The registry entry also gives the skill name as 'lfg' while SKILL.md uses 'lgf' (likely a typo). Asking for an external CLI and API keys is coherent with lead-gen functionality, but the registry should have declared these requirements; their absence is an inconsistency.
Instruction Scope
SKILL.md instructs the agent/user to install a third‑party Python CLI and to store API keys in ~/.lgf/.env, and suggests running CLI commands that crawl and extract contact data. The instructions allow reading ICP files and writing CSV/JSON. There are no explicit instructions to exfiltrate secrets, but the skill enables the agent to read local config (~/.lgf/.env) and run networked searches/LLM scoring; because the declared metadata omitted these data/credential needs, the instruction scope is broader than what the registry signals.
Install Mechanism
The skill package has no install spec, but SKILL.md recommends installing the CLI from a GitHub repo (pip install -e . or pipx install git+https://github.com/Catafal/lead-gen-factory.git). Installing from a third‑party GitHub URL executes and places external code on the system and can run arbitrary code—this is higher risk, especially when the registry did not declare the dependency or provide a vetted install spec.
Credentials
SKILL.md requires two sensitive API keys (TAVILY_API_KEY for web search and OPENROUTER_API_KEY for LLM calls) stored in ~/.lgf/.env, but the skill metadata lists no required env vars. These credentials are relevant to lead generation, so they are proportionate to the task, but their absence from the registry is a red flag: an agent or user may not realize sensitive keys will be needed and potentially read/written by the skill.
Persistence & Privilege
The skill is not marked 'always' and does not request system-wide persistent privileges. Autonomous invocation is allowed (the default) — combined with the above issues (undeclared credentials and external install), this increases blast radius if the agent is permitted to run Bash/Read/Write. There is no evidence the skill attempts to modify other skills or global agent config.
What to consider before installing
Before installing or enabling this skill, consider the following:
- Inconsistency: SKILL.md requires a local 'lgf' CLI and two API keys (TAVILY_API_KEY, OPENROUTER_API_KEY), but the registry metadata does not list those requirements. Treat this as a warning sign.
- Verify the source: inspect the GitHub repository (https://github.com/Catafal/lead-gen-factory.git) yourself. Review the code (especially install/setup scripts) and check issues/stars/maintainer reputation before pip-installing.
- Avoid installing system-wide: if you decide to install, do so in an isolated environment (VM, container, or dedicated user account) or use pipx with isolation, and avoid providing high‑privilege credentials.
- Use least-privilege credentials: create dedicated API keys with limited scope and rotate them if used for testing. Do not reuse sensitive production keys.
- Protect secrets on disk: SKILL.md points at ~/.lgf/.env — ensure its permissions are restrictive and be aware that the agent (with Read permission) could access that file.
- Confirm registry metadata: ask the publisher to update the skill manifest to declare required binaries and env vars formally, and to provide an install spec referencing a vetted release (e.g., GitHub release tarball or PyPI package) rather than a raw git URL if possible.
If you cannot review the repository or prefer lower risk, do not install the CLI and instead look for a skill that either provides a vetted install spec or is purely instruction-only without requiring new system binaries or undeclared credentials.
Like a lobster shell, security has layers — review code before you run it.
latest: vk975hj80qy44w3p7hps1dqqe8182jkd2
