Lead Research Assistant Cn
PassAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only sales lead research skill with no code, install steps, or credentials, but users should be careful when letting it inspect private repositories or research sensitive third-party exposure signals.
Before installing, decide whether you are comfortable letting the agent analyze your repository and perform web-style lead research. Keep secrets and customer data out of the working directory, and avoid using leaked sensitive information as sales material.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked in a sensitive repository, the agent may read private project information while preparing lead recommendations.
The skill may inspect local repository contents to understand the product. This is purpose-aligned, but private source code, secrets, or internal business details could enter the agent's working context.
For even better results, run this from your product's source code directory... Look at what I'm building in this repository
Use it only in repositories you are comfortable sharing with the agent, and remove or exclude secrets, credentials, customer data, and unrelated private files before requesting codebase analysis.
Lead research could surface sensitive third-party information if the user asks for this type of signal.
An example suggests using accidental sensitive-data exposure in public code as a lead signal. That can be relevant for a data-masking product, but it could also lead the agent to encounter third-party sensitive information.
May have accidentally exposed sensitive data in code
Use only high-level, public indicators of security need; do not copy, store, exploit, or include exposed secrets or personal data in lead lists or outreach.