Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WhatsApp Lead Hunter
v1.0.0
Automated lead generation and WhatsApp outreach system. Scrape business leads from Google Maps by sector and location, generate personalized pitch messages,...
⭐ 0 · 54 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (medium confidence)
Purpose & Capability
The name/description (lead scraping + WhatsApp outreach) matches the included SKILL.md, pitch templates, and the batch_send.sh script. The script implements the advertised send flow (reads leads JSON, personalizes messages, posts to WAHA API, appends ignore list). No extraneous credentials, packages, or unrelated binaries are requested.
Instruction Scope
The instructions explicitly direct the agent to use a browser tool to scrape Google Maps and extract phone numbers, websites, reviews, etc. That is within the claimed purpose, but it extends the agent's scope to interacting with third-party web pages and harvesting contact data. The SKILL.md also suggests forwarding inbound outreach replies to an admin (notify_admin) but does not define how that notification is implemented or secured; depending on configuration, this could route message content and phone numbers to external channels. The instructions do not ask the agent to read unrelated local config or secret environment variables.
Install Mechanism
No install spec (instruction-only); the only code is a small bash script. Nothing is downloaded or extracted from external URLs, so installation risk is low.
Credentials
The skill requests no declared environment variables and expects the WAHA API key to be supplied at runtime (script argument or environment) — that is proportionate to its function. Small inconsistency: SKILL.md mentions using 'OpenClaw CLI for any gateway operations' but provides no OpenClaw commands or required credentials; this is a minor documentation mismatch, not a hidden requirement. No other credentials or system-wide config paths are requested.
Persistence & Privilege
The skill is not marked always:true and does not request persistent or elevated platform privileges. Its behavior is confined to creating/using local files (leads JSON, ignore list) and POSTing to a WAHA API endpoint that the user must run/configure.
Assessment
This skill appears to do what it claims, but consider the following before installing or running it:
- Legal/ethical risk: scraping Google Maps and sending cold WhatsApp messages can violate Google’s terms of service and local spam/privacy laws. Confirm you have the right to collect and message these contacts.
- Data exfiltration/notification endpoints: the webhook snippet references notify_admin (Telegram/SMS/etc.) but doesn't specify where notifications go — review any admin notification configuration to ensure message content/phone numbers are not sent to untrusted external endpoints.
- WAHA API key security: the WAHA key is required at runtime; treat it as a secret and only point the script to a WAHA instance you control (localhost or a secured host).
- Test in dry-run mode first: the script supports --dry-run; use it and small batches (10–15 leads) as suggested before scaling.
- Respect rate limits and recipients: keep delays and batch sizes conservative and maintain an ignore list as recommended to avoid bot conflicts and account suspension.
- Documentation mismatch: the SKILL.md mentions OpenClaw CLI for gateway operations but provides no examples — clarify this before relying on any automated gateway actions.
If you are comfortable with these operational and compliance concerns and you control the WAHA instance and notification endpoints, the skill is internally coherent. If any of these points are unclear or unacceptable, do not enable the skill until they are resolved.
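The Purpose & Capability summary describes the script's send flow (read leads JSON, personalize, POST to WAHA, append to the ignore list), and the assessment recommends running it with a dry-run first, small batches, conservative delays, a maintained ignore list and only against a WAHA instance you control. The following is an added example in Python, not the skill's batch_send.sh and not ClawHub's code, of that loop with those controls built in. The WAHA request shape (POST /api/sendText with an X-Api-Key header and a JSON body of session, chatId and text, where chatId is the digits followed by @c.us) is an assumption about WAHA that the listing does not state; the sample leads, ignore list and pitch template are constructed.

```python
"""Reference send loop for the flow the scan describes (leads JSON ->
personalise -> POST to WAHA -> extend ignore list) with the controls the
assessment recommends: dry-run by default, a capped batch, an ignore list,
pacing between live sends, and a refusal to talk to a WAHA endpoint that is
neither loopback nor HTTPS. Added example, not the skill's batch_send.sh.
ASSUMPTION: WAHA accepts POST {base}/api/sendText, header X-Api-Key, body
{"session","chatId","text"} with chatId "<digits>@c.us"."""
import json
import re
import time
import urllib.parse
import urllib.request

# Constructed sample input; not data from the listing or the skill.
SAMPLE_LEADS = [
    {"name": "Bella Pizzeria", "sector": "restaurant", "phone": "+44 7700 900123"},
    {"name": "Cut & Go Barbers", "sector": "barber", "phone": "+44 7700 900456"},
    {"name": "No Phone Ltd", "sector": "retail", "phone": ""},
    {"name": "Old Client", "sector": "retail", "phone": "+447700900789"},
]
SAMPLE_IGNORE = "447700900789\n# already a customer, never re-pitch\n"
PITCH = "Hi {name}, we help {sector} businesses get more bookings via WhatsApp."


def waha_base_is_trusted(base_url):
    """Accept only loopback (any scheme) or an HTTPS host. Plain HTTP to a
    remote host would expose the API key and message content in transit."""
    u = urllib.parse.urlsplit(base_url)
    if u.scheme not in ("http", "https") or not u.hostname:
        return False
    if u.hostname in ("localhost", "127.0.0.1", "::1"):
        return True
    return u.scheme == "https"


def normalize_phone(raw):
    """Digits only (E.164 without '+'); reject lengths outside 8..15."""
    digits = re.sub(r"\D", "", raw or "")
    return digits if 8 <= len(digits) <= 15 else None


def parse_ignore(text):
    """One number per line, '#' lines are comments; numbers are normalised
    so '+44 7700 ...' and '447700...' match the same entry."""
    out = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            n = normalize_phone(line)
            if n:
                out.add(n)
    return out


def plan_batch(leads, ignore, batch_size, template):
    """Return [(phone, text)] for sendable leads, skipping unparseable or
    ignored numbers and stopping once batch_size messages are planned."""
    planned = []
    for lead in leads:
        phone = normalize_phone(lead.get("phone"))
        if not phone or phone in ignore:
            continue
        text = template.format(name=lead.get("name", "there"),
                               sector=lead.get("sector", "local"))
        planned.append((phone, text))
        if len(planned) >= batch_size:
            break
    return planned


def send_batch(planned, base_url, api_key, delay_s=20.0, dry_run=True,
               session="default"):
    """POST each planned message to WAHA (or only print it in dry-run),
    sleeping delay_s between live sends. Returns the numbers handled so the
    caller can append them to the ignore list and never re-pitch them."""
    if not waha_base_is_trusted(base_url):
        raise ValueError(f"refusing to send via untrusted WAHA endpoint {base_url!r}")
    if not dry_run and not api_key:
        raise ValueError("WAHA API key required for a live run")
    handled = []
    for phone, text in planned:
        if dry_run:
            print(f"[dry-run] -> {phone}: {text}")
        else:
            body = json.dumps({"session": session, "chatId": f"{phone}@c.us",
                               "text": text}).encode()
            req = urllib.request.Request(
                f"{base_url.rstrip('/')}/api/sendText", data=body, method="POST",
                headers={"Content-Type": "application/json", "X-Api-Key": api_key})
            with urllib.request.urlopen(req, timeout=30) as resp:
                resp.read()
            time.sleep(delay_s)  # conservative pacing between live sends
        handled.append(phone)
    return handled


def run(leads=SAMPLE_LEADS, ignore_text=SAMPLE_IGNORE, base_url="http://localhost:3000",
        api_key="", batch_size=10, dry_run=True):
    """One run: plan, send, and return (handled numbers, updated ignore text)."""
    ignore = parse_ignore(ignore_text)
    handled = send_batch(plan_batch(leads, ignore, batch_size, PITCH), base_url,
                         api_key, dry_run=dry_run)
    new_ignore = ignore_text.rstrip("\n") + "".join(f"\n{p}" for p in handled) + "\n"
    return handled, new_ignore


if __name__ == "__main__":
    done, updated = run()
    print(f"handled {len(done)} leads; ignore list now:\n{updated}")
```

Run it as-is and it stays in dry-run against localhost, printing what would be sent and returning the extended ignore-list text for you to write back; the default run of 10 leads with a 20-second delay matches the small-batch, conservative-pacing advice above, and a live run requires both an API key and an endpoint that passes waha_base_is_trusted.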
latest · vk97fks19sswnby67wrr3tzasv183hmp7
