Skill v2.0.0

ClawScan security

Company Intel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 4:01 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's described purpose (company research, contact discovery, SMTP verification, and OKKI import) matches its instructions, but the runtime steps assume access to external tools/APIs and credentials (OKKI CLI, RocketReach/Hunter/Apollo, dig/Python, MX connectivity) that are not declared, and it instructs active network probing — these inconsistencies and missing requirements warrant caution.
Guidance
Before installing or enabling this skill, confirm the following: (1) How will the skill authenticate to OKKI? Ensure an OKKI API/CLI credential mechanism is specified (and not hard-coded user_id). (2) Which third-party data providers will be used (RocketReach/Hunter/Apollo) and supply API keys if required; otherwise the skill may fail or attempt unauthenticated scraping. (3) The skill performs active SMTP RCPT probing — verify this is allowed by your policies/legal counsel and that rate limits/target consent are acceptable. (4) Ensure the agent environment actually has Python, dig (or equivalent MX lookup), and the OKKI CLI, or update the SKILL.md to declare these prerequisites. (5) Ask the author to parameterize user_id/group_id/pool_id and to document where credentials are stored (env vars or secret store). (6) If you allow autonomous invocation, restrict its scope (e.g., require manual approval before bulk runs) because this skill will perform network operations and CRM writes. If any of these points are unresolved, treat the skill as risky and avoid running it with production credentials or broad network/CRM access.

Review Dimensions

Purpose & Capability
note
The SKILL.md workflow (web research → contact discovery → SMTP RCPT checks → local archive → OKKI CRM import → reasoning) matches the skill description. However, the instructions refer to calling OKKI CLI and commercial data providers (RocketReach/Hunter/Apollo) and using system tools (dig, Python) even though the skill declares no required binaries or credentials. The presence of hard-coded fields like user_id (56785529) and mandatory group_id/pool_id is unexpected and should be parameterized or justified.
Instruction Scope
concern
Instructions include active network operations (direct SMTP RCPT probing to mail servers via a Python socket script) and use of exec to run Python and an OKKI CLI. They instruct scraping/searching LinkedIn and third-party services. The SKILL.md does not declare where API keys or CLI auth come from, nor does it constrain probing frequency beyond crude sleeps. It also expects tools (dig, web_fetch/web_search, OKKI CLI) to exist. These runtime directives expand scope beyond a passive research skill and lack explicit safeguards and credential handling.
Install Mechanism
note
This is instruction-only (no install spec / no code files), which minimizes supply-chain risk. However, the skill implicitly assumes presence of system binaries (Python, dig) and an OKKI CLI; those assumptions are not declared. Because there is no formal install, all execution is reliant on the agent environment — confirm required tools are present and trustworthy.
Credentials
concern
The skill declares no required env vars or credentials, yet it clearly needs: (a) credentials or an authenticated CLI for OKKI to create CRM entries, and (b) API keys or paid access for RocketReach/Hunter/Apollo/Apollo-like services if those are used, plus network access to target mail servers for SMTP checks. Requiring unknown credentials or embedding hard-coded user_id values is disproportionate and under-specified.
Persistence & Privilege
ok
always is false and the skill is user-invocable; it does not request persistent installation or elevated platform privileges. It writes local files (intelligence/clients/{Company_Name}.md) and calls external systems, which is reasonable for its purpose but should be limited to approved directories and accounts.