Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

HeyLead

v0.9.13

HeyLead is an autonomous LinkedIn SDR that creates buyer personas, manages outreach campaigns, sends personalized messages, follows up, and tracks pipeline a...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The feature set (LinkedIn outreach, account linking, scheduling) reasonably explains needing a connector and account tokens. However, the SKILL.md asks you to install 'uv' but the MCP configuration and manifest use the command 'uvx' — that mismatch is unexplained and could cause confusion or point to missing install steps. Repository/homepage metadata is inconsistent (source 'unknown' vs links in SKILL.md and clawhub.json).
Instruction Scope
Instructions direct you to connect Google and LinkedIn accounts and to copy/paste tokens during setup (expected for this capability). But the skill also states AI calls are routed through the HeyLead backend (Gemini 2.0 Flash) unless you use your own key — that implies message content and contacts might be transmitted to an external backend despite the claim that 'No messages or contacts stored on HeyLead servers.' The SKILL.md does not clearly specify what data is sent to the backend versus stored locally.
Install Mechanism
This is instruction-only (no code files), so risk is lower. The SKILL.md recommends installing 'uv' using a remote installer (curl ... | sh), which is a higher-risk pattern than a curated package because it runs a remote script. The manifest suggests running 'uvx heylead' but SKILL.md only documents installing 'uv' — the install/run mismatch is unexplained.
Credentials
clawhub.json and the skill declare no required environment variables, but runtime setup clearly involves tokens (Google/LinkedIn) and optionally an LLM key. The lack of declared env vars is inconsistent with the instructions that ask you to paste a 'token' and optionally use 'your own key'. That omission makes it harder to audit what credentials will be in scope and where they will be stored or transmitted.
Persistence & Privilege
The skill is not forced-always and does not request elevated platform flags. It requires adding an MCP server entry to openclaw.json (user action) which grants it persistent availability, but that behavior is expected for an MCP-native integration and is not itself excessive.
What to consider before installing
This skill does roughly what it says (autonomous LinkedIn outreach), but there are several inconsistencies you should resolve before installing:

- Verify the upstream project: inspect the GitHub repo and the PyPI package source (the SKILL.md links exist, but 'source: unknown' in metadata is concerning). Make sure the heylead package you install is the same code the skill documents.
- Clarify the installer command ('uv' vs 'uvx'): ask the author which binary you must install and where it comes from. Avoid running curl | sh on an unknown host without reviewing the install script contents.
- Confirm data flows and storage: the skill claims local-only storage for contacts/messages but also says LLM calls can route through the HeyLead backend. Ask whether messages or metadata are transmitted to HeyLead servers and whether any tokens are retained server-side.
- Prefer using your own LLM key and verify how/where that key is stored. If possible, test in an isolated environment or sandbox account before connecting production LinkedIn/Google accounts.
- Expect to paste OAuth tokens during setup; ensure you understand what the token scope is (read/write messages, connections, profile) and revoke it if you uninstall.

If you cannot get clear answers to the above, treat the skill as higher-risk and avoid provisioning it with real accounts or sensitive credentials.
