Lead Hunter

Security checks across malware telemetry and agentic risk

Overview

This lead-generation skill is documentation-only and mostly coherent, but it guides broad personal-data collection, risky scraping, external exports, and automated outreach without enough scoping or compliance controls.

Review before installing or using. Use only lawful, approved data sources; avoid the LinkedIn proxy-scraping path; disable auto-outreach and CRM writes until manually reviewed; use least-privileged test credentials; minimize fields sent to enrichment vendors and webhooks; and define opt-out, retention, deletion, and compliance rules for generated lead lists.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The LinkedIn section explicitly documents a proxy-service-based collection workflow for a platform that actively prohibits scraping and detection evasion. Even though it is disabled by default and includes cautionary language, it still provides operational guidance for large-scale harvesting of professional profile data, which creates legal, account-abuse, and privacy risk beyond ordinary lead generation.

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The file says 'Never automate actions' but still defines proxy services, search templates, and rate limits for automated LinkedIn profile collection. That contradiction normalizes semi-automated evasion and may mislead operators into thinking the workflow is safe if they avoid only the most obvious actions, while still enabling prohibited bulk collection.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly automates discovery, enrichment, scoring, export, and even outreach using personal contact data such as emails, phone numbers, and social profiles, but its description and metadata provide no warning about privacy, consent, data protection, or platform/marketing compliance. In this context, omission is security-relevant because it encourages collection and downstream use of personal data at scale without signaling legal, ethical, or operational safeguards, increasing the likelihood of misuse or noncompliant deployment.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The GitHub discovery output explicitly includes personal fields such as public email, bio, location, website, and social handles, enabling collection of contact data tied to identifiable individuals without any privacy-use constraints. In a lead-generation skill, that materially increases the chance of unsolicited outreach, profiling, and misuse of personal data at scale.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The Product Hunt section prescribes scraping as the collection method and enumerates personal/attribution data to capture, but provides no warning about terms-of-service restrictions, account blocking, or downstream privacy obligations. That makes it easier to deploy non-compliant collection in a commercial lead-gen context.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The Moltbook output fields include owner_email and linked social identity information, which facilitates direct identification and contact of individuals without any notice about privacy handling, consent, or permitted use. Combined with the skill's lead-generation purpose, this supports personal profiling and targeted outreach at scale.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The orchestration section directs cross-source deduplication and merging on email, social handles, and company domain into a combined lead file. This creates a richer, unified profile of individuals across platforms, increasing privacy risk, profiling sensitivity, and the blast radius of any misuse or data exposure.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs agents to scrape personal email addresses from public sources such as GitHub, Twitter, company websites, and archived pages, but provides no guardrails around consent, lawful basis, platform terms, or handling of personal data. In a lead-generation context, this omission increases the likelihood of privacy violations, non-compliant collection, and downstream misuse of scraped contact information for outreach.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs use of third-party enrichment and verification providers and shows API-key-based integrations, but does not warn that names, domains, emails, and related lead data will be transmitted to external services. This creates a real data-governance and privacy risk because operators may unknowingly disclose personal or business contact data to processors without notice, approval, or vendor review.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The webhook example sends a 'full_lead_object' to an external URL, which can expose personal and company data far beyond what is necessary for many integrations. Because the skill is specifically designed for lead enrichment, the payload likely contains sensitive prospect data, making silent transmission to arbitrary webhooks a meaningful data disclosure risk.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The CRM integration examples automatically push contact records and associated lead data into third-party platforms without any accompanying disclosure, consent, or data-minimization guidance. In a lead-hunting skill, this is more dangerous because the workflow centers on collecting and enriching personal contact information, so default export behavior can cause users to share regulated or sensitive data without appreciating the exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal