Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lead Research Assistant Cn
v1.0.2销售线索研究助手 | Sales Lead Research Assistant. 识别高质量销售线索 | Identify high-quality sales leads. 分析目标公司、提供联系策略 | Analyze target companies, provide contact strategies...
⭐ 0· 629·1 current·1 all-time
byGuohongbin@guohongbin-git
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (sales lead research) match the SKILL.md steps: understanding a product, finding companies, scoring leads, and producing outreach strategies. No environment variables, binaries, or installs are requested that would be out of scope for lead research.
Instruction Scope
Instructions tell the agent to analyze a codebase if run inside one and to research public signals (job postings, tech stack, news, LinkedIn). Collecting decision-maker names and LinkedIn URLs is expected for this task, but it involves handling personal data and may imply web scraping or use of third-party APIs (which are not further specified). The skill does not instruct the agent to read unrelated system files, but running it in a repository could surface sensitive files if the user invokes it there.
Install Mechanism
No install spec or code files are present (instruction-only). This minimizes filesystem and supply-chain risk.
Credentials
The skill requests no environment variables or credentials. This is proportionate to an instruction-only research assistant; however, practical enrichment (LinkedIn, CRMs, paid data providers) may require credentials that the skill does not request nor document.
Persistence & Privilege
always is false and the skill does not request system-wide changes or persistent presence. It does not attempt to modify other skills or agent configuration.
Assessment
This skill appears coherent for lead research, but consider the following before installing/using it:
- Privacy & PII: The skill will collect names and LinkedIn URLs (personal data). Ensure you have a lawful basis to collect and use these contacts and review GDPR/CCPA implications where relevant.
- LinkedIn / Site scraping: The SKILL.md implies gathering LinkedIn profiles and other web signals; scraping may violate site terms of service. Prefer using official APIs or licensed data providers and avoid automated scraping without permission.
- Running in code repositories: The skill suggests analyzing a local codebase. Only run it in repositories you control and that don't contain secrets, API keys, or sensitive customer data (check for .env, config, or private keys first).
- Missing external integrations: If you expect richer enrichment (email addresses, verified contact data), you'll likely need to provide API keys for data providers or CRMs; the skill does not request these, so plan how you will supply and secure them.
- Review outputs before outreach: Validate contact data and messaging to avoid incorrect or harmful outreach.
If you want a stronger assurance, ask the publisher for: (1) the skill source or author identity, (2) a clear list of external services it will access, and (3) recommended credentials/permissions and how they are handled.Like a lobster shell, security has layers — review code before you run it.
chinesevk97dwdkh4jagm440apsmk3x2g981aab9latestvk979jzaqr6ygted4rbt9pp12fn81jvnbsalesvk97dwdkh4jagm440apsmk3x2g981aab9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎯 Clawdis