ClawHub

Company, Email & Lead Enrichment

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly described lead-enrichment API helper, but users should understand that queries and some personal data are sent to GoCreative and may trigger small payments.

Install only if you are comfortable sending domains, names, email addresses, and profile identifiers to GoCreative for enrichment, and if small USDC pay-per-call charges are acceptable. Use it only for leads or companies you are authorized to process, and avoid submitting sensitive customer or employee data unless your privacy and compliance requirements allow it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs agents to send lead, email, domain, and profile data to a third-party API, but it does not warn users that potentially sensitive business and personal data will leave the local agent environment. In this context, the omission is security-relevant because users may unknowingly transmit PII, prospect data, or profile identifiers to an external enrichment provider and trigger paid requests automatically.

External Transmission

Medium
Category
Data Exfiltration
Content
## Tools (live endpoints)
| Call | What you get | Price |
|---|---|---|
| `GET https://api.gocreativeai.com/v1/enrich/company/{domain}` | B2B company enrichment from a domain (firmographics) | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/enrich/email/{name-and-domain}` | Find a person's likely **work email** from name + company domain | ~$0.02 |
| `GET https://api.gocreativeai.com/v1/bundle/email-360/{email}` | **Email 360**: deliverability validation + provider/domain enrichment | ~$0.15 |
| `GET https://api.gocreativeai.com/v1/enrich/domain/{domain}` | Domain intel: DNS + WHOIS + TLS, fused | ~$0.05 |
Confidence
89% confidence
Finding
https://api.gocreativeai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| Call | What you get | Price |
|---|---|---|
| `GET https://api.gocreativeai.com/v1/enrich/company/{domain}` | B2B company enrichment from a domain (firmographics) | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/enrich/email/{name-and-domain}` | Find a person's likely **work email** from name + company domain | ~$0.02 |
| `GET https://api.gocreativeai.com/v1/bundle/email-360/{email}` | **Email 360**: deliverability validation + provider/domain enrichment | ~$0.15 |
| `GET https://api.gocreativeai.com/v1/enrich/domain/{domain}` | Domain intel: DNS + WHOIS + TLS, fused | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/enrich/linkedin/{profile}` | LinkedIn profile enrichment | ~$0.05 |
Confidence
95% confidence
Finding
https://api.gocreativeai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
|---|---|---|
| `GET https://api.gocreativeai.com/v1/enrich/company/{domain}` | B2B company enrichment from a domain (firmographics) | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/enrich/email/{name-and-domain}` | Find a person's likely **work email** from name + company domain | ~$0.02 |
| `GET https://api.gocreativeai.com/v1/bundle/email-360/{email}` | **Email 360**: deliverability validation + provider/domain enrichment | ~$0.15 |
| `GET https://api.gocreativeai.com/v1/enrich/domain/{domain}` | Domain intel: DNS + WHOIS + TLS, fused | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/enrich/linkedin/{profile}` | LinkedIn profile enrichment | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/bundle/company-360/{domain}` | **Company 360**: full domain intelligence bundle | ~$0.15 |
Confidence
96% confidence
Finding
https://api.gocreativeai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| `GET https://api.gocreativeai.com/v1/enrich/company/{domain}` | B2B company enrichment from a domain (firmographics) | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/enrich/email/{name-and-domain}` | Find a person's likely **work email** from name + company domain | ~$0.02 |
| `GET https://api.gocreativeai.com/v1/bundle/email-360/{email}` | **Email 360**: deliverability validation + provider/domain enrichment | ~$0.15 |
| `GET https://api.gocreativeai.com/v1/enrich/domain/{domain}` | Domain intel: DNS + WHOIS + TLS, fused | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/enrich/linkedin/{profile}` | LinkedIn profile enrichment | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/bundle/company-360/{domain}` | **Company 360**: full domain intelligence bundle | ~$0.15 |
Confidence
83% confidence
Finding
https://api.gocreativeai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| `GET https://api.gocreativeai.com/v1/enrich/email/{name-and-domain}` | Find a person's likely **work email** from name + company domain | ~$0.02 |
| `GET https://api.gocreativeai.com/v1/bundle/email-360/{email}` | **Email 360**: deliverability validation + provider/domain enrichment | ~$0.15 |
| `GET https://api.gocreativeai.com/v1/enrich/domain/{domain}` | Domain intel: DNS + WHOIS + TLS, fused | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/enrich/linkedin/{profile}` | LinkedIn profile enrichment | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/bundle/company-360/{domain}` | **Company 360**: full domain intelligence bundle | ~$0.15 |

URL-encode arguments. Email finder example: `/v1/enrich/email/jane-doe-stripe.com`.
Confidence
95% confidence
Finding
https://api.gocreativeai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
| `GET https://api.gocreativeai.com/v1/bundle/email-360/{email}` | **Email 360**: deliverability validation + provider/domain enrichment | ~$0.15 |
| `GET https://api.gocreativeai.com/v1/enrich/domain/{domain}` | Domain intel: DNS + WHOIS + TLS, fused | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/enrich/linkedin/{profile}` | LinkedIn profile enrichment | ~$0.05 |
| `GET https://api.gocreativeai.com/v1/bundle/company-360/{domain}` | **Company 360**: full domain intelligence bundle | ~$0.15 |

URL-encode arguments. Email finder example: `/v1/enrich/email/jane-doe-stripe.com`.
Confidence
87% confidence
Finding
https://api.gocreativeai.com/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal