ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lead Guardian

v1.0.0

AI-powered real estate lead response and qualification via SMS, email, or CRM to instantly engage, qualify, and route hot buyer and seller leads for agents.

0· 52·0 current·0 all-time
by@jonbarnato
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, SKILL.md, and app.py align: the skill implements SMS lead handling, qualification, and routing using Twilio and OpenRouter (Claude model). The requested environment variables (Twilio credentials, OpenRouter API key, optional AGENT_PHONE) are appropriate for the described functionality.
!
Instruction Scope
SKILL.md and app.py indicate the app will create a local SQLite DB (leads.db) and expose HTTP endpoints (including an admin dashboard). The manifest does not include .env.example or leads.db (they are listed in SKILL.md but not provided), and the shipped app.py is truncated in the provided content (the /sms handler is cut off), so behavior of the remainder of the code (dashboard, auth, /api endpoints, any webhook verification) is unknown. Exposing an unauthenticated admin dashboard or API would be a significant privacy/security risk. Also the system prompt hardcodes an agent identity (Jon Barnato) which leaks/locks the assistant persona and may be undesired.
Install Mechanism
No install spec; this is instruction + Python app. No external downloads or installers are included, so installation risk is limited to installing common Python packages per SKILL.md. That said, the top-of-file comment suggests packages (openai) that are not used; minor inconsistency but not an install-time risk.
Credentials
Declared environment variables (TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, TWILIO_PHONE_NUMBER, OPENROUTER_API_KEY, optional AGENT_PHONE) are proportional to an SMS + AI lead responder. No unrelated credentials or surprising env access are requested.
Persistence & Privilege
The skill does not request always:true and does not declare unusual privileges. It creates a local leads.db file which persists lead data on disk; that's expected for the use case but you should verify file location and retention policy. Ensure the HTTP endpoints (dashboard, APIs) are protected before exposing to the internet.
What to consider before installing
This implementation looks like a straightforward Twilio + OpenRouter lead autoresponder, but exercise caution before using it in production or on real credentials. What to check before installing/running: - Code completeness and authenticity: the provided app.py is truncated in the artifact you gave me. Get the full source from a trusted author or repository and review it before running. - Endpoint authentication: confirm the admin dashboard and /api endpoints require authentication and that Twilio webhook requests are validated (Twilio request signature) to prevent spoofing. Do not expose the app to the public internet without HTTPS and auth. - Credentials: only provide Twilio and OpenRouter API keys if you trust the source. Rotate keys after testing. Use least-privilege Twilio credentials if possible. - Data persistence & privacy: the app writes leads.db in its directory. Verify data retention, backups, and who can access that file on the host. Consider running in an isolated container or VM. - Behavior testing: run locally with dummy credentials first; observe outbound requests (which should be only to Twilio and openrouter.ai). Confirm there are no unexpected external endpoints in the full source. - Hardcoded persona and defaults: the system prompt hardcodes an agent name and comments in the header reference "Jon's phone" — replace with neutral text and configuration variables if you deploy. If you want, I can: (1) attempt to reconstruct the truncated portion if you paste the rest of app.py, (2) list concrete tests to run in a sandbox, or (3) produce a hardened checklist (webhook validation, auth for dashboard, DB encryption) to make this safe to run.

Like a lobster shell, security has layers — review code before you run it.

latestvk978p3rqx9ncqgkwsm75ncnrx98464hs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments