HeyLead
Warn
Audited by ClawScan on May 10, 2026.
Overview
HeyLead is clearly a LinkedIn sales automation skill, but it gives an external MCP package broad autonomous control over messaging, public engagement, posting, and scheduled activity on connected accounts.
Install only if you are comfortable giving a third-party MCP server authority over LinkedIn outreach. Prefer copilot mode, keep the cloud scheduler off until tested, pin and review the external `heylead` package, confirm account-token revocation steps, and monitor all campaigns closely.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: The agent could send incorrect, unwanted, or reputationally damaging LinkedIn messages, replies, comments, endorsements, or posts if the campaign setup or model judgment is wrong.
The skill explicitly supports autonomous outreach. Combined with tools for sending invitations, follow-ups, auto-replies, engagement actions, and publishing posts, this gives the agent high-impact account-mutation authority without fully specified per-action approvals.
Evidence: `Autopilot` — AI handles outreach automatically within rate limits and working hours
Recommendation: Use copilot/review mode by default, require explicit approval for each send or publish action, and test on a small campaign before enabling autonomous outreach.
Finding 2: A connected account token may allow the MCP server to act as the user on LinkedIn, including sending messages and performing public engagement actions.
The skill requires delegated account access through a token and a connected LinkedIn identity, but the artifacts do not specify permission scopes, token storage, revocation steps, or how access is constrained to user-approved campaigns.
Evidence: authenticate with Google, connect LinkedIn, copy your token, and paste it back
Recommendation: Only connect accounts you are willing to automate, confirm what permissions are granted, know how to revoke access, and avoid using high-value or shared business accounts until the scope is clear.
Finding 3: The code that receives tokens and performs LinkedIn actions may change outside this reviewed skill package, and the static scan did not inspect it.
The runtime MCP server is fetched and run as an external package without a pinned version in the reviewed config, and no code files for that package are included in the artifacts.
Evidence: `"mcp": { "command": "uvx", "args": ["heylead"], "transport": "stdio" }`
Recommendation: Verify the PyPI/GitHub package source, pin a reviewed version, and review the MCP server code before granting account access.
Finding 4: Outreach may continue while the user is away, potentially sending follow-ups or checking and responding to replies at times the user did not actively review.
The skill includes persistent cloud-based automation that can continue outreach tasks beyond a single interactive session.
Evidence: Autonomous Scheduling — 24/7 cloud scheduler for invitations, follow-ups, and reply checks
Recommendation: Keep the scheduler disabled until campaign rules are verified, monitor scheduled jobs, and confirm the `emergency_stop` behavior before relying on autopilot.
Finding 5: Stored LinkedIn conversations and prospect data could be exposed if the local database is accessed by others or reused in later automation without review.
The skill stores prospect/contact and message data persistently for outreach workflows. This is purpose-aligned, but it creates a sensitive local data store and reusable context.
Evidence: Contacts and messages stored in local SQLite database
Recommendation: Understand where the SQLite database is stored, back it up or delete it as needed, and avoid importing sensitive prospects or conversations unless necessary.
