Client Intake Bot Pro

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent instruction-only lead intake workflow, but deploying it would involve automated customer messages and the handling of prospect data, both of which should be carefully configured.

Before deploying this skill with real leads, decide which services it may access, require approval for important outbound messages, test the scoring logic, and set clear consent, opt-out, retention, and deletion rules for prospect data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If configured poorly, the bot could send inaccurate replies, reject good leads, or contact prospects before a human reviews the message.

Why it was flagged

The skill intentionally supports automatic customer-facing responses, including declining leads. This is aligned with the intake-bot purpose, but mistakes in scoring or templates could affect real prospects.

Skill content

"Auto-Responses: Instant personalized replies based on score" and "Cold Leads (0-15): - Immediate: Polite decline auto-sent"

Recommendation

Use draft or approval mode first, test scoring rules, and require human approval for declines or high-value opportunities until the workflow is proven safe.

What this means

A deployment may need permissions to send messages or read lead submissions through third-party services.

Why it was flagged

These integrations would require access to messaging, calendar, or notification accounts if implemented, even though the registry metadata does not declare a primary credential or environment variables.

Skill content

"Website contact form", "Social media DM auto-responder", "Email autoresponder", "Calendar booking pre-qualification" and "Immediate: Email + SMS to you"

Recommendation

Use least-privilege service accounts or API keys, document exactly which accounts are connected, and avoid granting broader email, social, or CRM access than the workflow needs.

What this means

Prospect submissions may contain personal, commercial, or confidential information, and untrusted text or files should not be treated as instructions to the agent.

Why it was flagged

The workflow is designed to ingest free-form prospect content and potentially confidential uploaded business documents for scoring and personalization.

Skill content

"Open text: Richer context" and "File upload: RFPs, briefs, existing materials"

Recommendation

Treat lead-provided text and files as untrusted data, define retention and deletion policies, limit who can access submissions, and avoid reusing submitted content outside the intake workflow without consent.