Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward API guide for finding business contact information, with no hidden code or local persistence, but users should handle returned contact data responsibly.

Install only if you trust Easy Email Finder and intend to use its API for business lead enrichment. Use a dedicated API key with controlled credits where possible, supervise paid enrichment calls, and avoid submitting confidential, regulated, or unauthorized lead lists unless you have reviewed the provider terms and applicable privacy or anti-spam obligations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill is explicitly designed to collect and enrich business contact data, including verified email addresses and social links, via a third-party service, but it provides no privacy, consent, or data-handling guidance to the user. This creates a real privacy/compliance risk because users may transmit or process personal/business contact information without understanding retention, lawful basis, or downstream use constraints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal