Dievio Lead Search API

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Dievio API helper, with expected privacy and data-handling risks for lead enrichment but no hidden or destructive behavior found.

Install only if you intend to use Dievio for authorized B2B lead search or LinkedIn enrichment. Use a dedicated API key, avoid --raw-output unless full records are needed, set explicit page/result limits, pass only intended JSON files to --body-file, and follow applicable privacy, platform, anti-spam, retention, and internal data-handling rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 85%
Finding
The README explicitly promotes LinkedIn profile enrichment and optional retrieval of work/personal emails, but provides no warning about lawful basis, consent, platform terms, or safe handling of personal data. In a lead-generation skill, that omission can normalize privacy-invasive use and increase the chance that operators collect, store, or process sensitive personal contact data without appropriate controls.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill can return enriched personal data such as emails and phone numbers, but the description and usage guidance do not give a clear warning about sensitive data handling. This increases the risk that users will request raw output, export results, or process personal data without understanding privacy, compliance, or minimization obligations. Because the skill is specifically designed for lead enrichment, the context makes this more dangerous rather than less.

VirusTotal

66/66 vendors flagged this skill as clean.
