Pans Lead Miner

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches a lead-mining purpose, but it can automatically replace failed live searches with synthetic leads that may be mistaken for real prospects.

Install only if you are comfortable with local SearXNG searches using your query terms and with exports to paths you specify. Treat any output with source=demo as synthetic sample data, and avoid feeding exported results directly into outreach or CRM workflows unless you verify the companies independently.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill advertises network access to a local SearXNG instance and supports CSV export, but does not declare permissions for network or file writing. Undeclared capabilities are dangerous because they hide the real trust boundary from users and the host platform, making it easier for a skill to perform outbound requests or write files without explicit approval. In this context, the risk is amplified because lead-mining naturally processes user-supplied keywords and can generate output files, so silent network and file operations are core behavior rather than incidental.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding:
This is a real integrity issue: when live search fails, the tool silently substitutes fabricated companies while preserving the appearance of genuine lead-mining output. In a sales-prospecting context, this can mislead operators into acting on fake business intelligence, wasting outreach effort and contaminating downstream CRM or decision-making systems.

Intent-Code Divergence

Low
Confidence: 87%
Finding:
The documentation claims demo leads are based on the provided search criteria, but the implementation largely ignores important inputs such as industry and company size. This creates deceptive output quality and can cause users or automated pipelines to over-trust sample data as relevant to the requested target profile.

Vague Triggers

Medium
Confidence: 81%
Finding:
The trigger phrases are broad terms like '客户发现', '融资动态', and 'lead generation/prospect', which can match many ordinary business-assistant requests and cause the skill to activate unexpectedly. Over-broad activation is dangerous because this skill performs networked reconnaissance and may export data, so an unintended invocation could send user prompts to external services or produce files without the user realizing a specialized skill was selected.

VirusTotal

67/67 vendors flagged this skill as clean.
