LeadFlow

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it builds lead lists, enriches and verifies contact data, then saves or sends the results when requested.

Install only if you are comfortable sending business/contact lead data to the configured enrichment and verification providers. Use webhooks only with destinations you control or trust, protect the local database and export files, and avoid running large exports or webhook sends unless the target audience and compliance basis are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

Low (89% confidence)
Finding
The status command reveals which API credentials are configured and exposes local database/export paths. While it does not print secret values, this information materially helps an attacker or untrusted automation understand what external services are available and where sensitive lead data is stored on disk.

Missing User Warnings

Medium (93% confidence)
Finding
The webhook feature allows collected lead and contact data to be POSTed to arbitrary external URLs without any warning about sensitivity, destination trust, or accidental disclosure. In a lead-generation context, this creates a direct path for bulk exfiltration of business/contact records to attacker-controlled endpoints or misconfigured automation services.

Missing User Warnings

Low (84% confidence)
Finding
Documenting export to CRM-oriented formats without warning that contact data will be written to files or prepared for downstream systems can lead to unintended data spread, insecure file handling, or import into unauthorized environments. The risk is lower than arbitrary webhooks because exports are typically user-initiated local artifacts, but they still expand exposure of potentially sensitive lead data.

Missing User Warnings

Medium (95% confidence)
Finding
The webhook command sends lead records to any user-supplied URL with no validation, trust boundary warning, allowlist, or destination confirmation. In an agent/automation context, this creates a direct exfiltration path for scraped and enriched PII/business contact data to attacker-controlled endpoints.

Missing User Warnings

Medium (93% confidence)
Finding
The verify command transmits stored email addresses and phone numbers to ZeroBounce and Twilio without an explicit disclosure step. This is a real privacy and compliance risk because user data is shared with third parties, and in agent-driven execution the operator may not realize verification implies external transmission.

Missing User Warnings

Medium (90% confidence)
Finding
This code sends company and person data to Dropcontact, a third-party enrichment provider, without any indication here of consent checks, minimization, or disclosure controls. In a lead-generation skill that aggregates and enriches business contact data, undisclosed transfer of personal data increases privacy, compliance, and data-handling risk, especially when names and company/website identifiers are combined.

Missing User Warnings

Medium (92% confidence)
Finding
This code sends lead data to external enrichment providers (Hunter, Apollo, Dropcontact), including company name, domain, and website, without any visible consent gate, notice, or policy enforcement in this service layer. In a lead-generation skill that processes business contact data at scale, silent third-party transmission can violate privacy expectations, contractual limits, or data-protection requirements, especially when users may not realize their collected leads are being shared downstream.

Missing User Warnings

Medium (88% confidence)
Finding
The code sends personal data such as first name, last name, domain, and email address to Hunter.io for enrichment and verification without any indication of consent checks, notice, or minimization controls in this client layer. In a lead-generation skill, this increases privacy and compliance risk because user-supplied or scraped contact data is transmitted to a third party for profiling and validation.

Missing User Warnings

Medium (97% confidence)
Finding
The Hunter API key is appended to the request URL as a query parameter, which can leak through logs, proxies, browser/network tooling, error messages, and monitoring systems even when sent over HTTPS. Credentials in URLs are harder to contain than headers and may persist in infrastructure metadata beyond the application's control.

VirusTotal

64/64 vendors flagged this skill as clean.