Skill v1.0.3
ClawScan security
LeadFlow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 7:08 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: LeadFlow's code, declared envs, and runtime instructions are consistent with a lead-scraping/enrichment CLI; required keys and binaries match the stated purpose and there are no glaring mismatches or hidden exfiltration paths in the provided files.
- Guidance: This package appears to be what it claims: a CLI for scraping and enriching business leads. Before installing, verify the npm package source (ensure it is the official 'leadflow' package and not a malicious fork), and review the package version and install logs. Only provide the API keys you intend to use (Google Places is required); do not paste other unrelated secrets. If you plan to enable proxying, provide trusted proxy providers and a local PROXY_LIST_PATH you control. Note the minor mismatch in packaging metadata (package-lock.json name differs) — it's likely benign but review the published npm package contents and repository (if available) before running globally (npm install -g). Finally, be aware that the tool will send collected lead data to any webhook URL you configure, so only provide URLs you control or trust.
Review Dimensions
- Purpose & Capability (ok): Name/description (scrape Google Maps & Yelp, enrich via multiple providers, verify, score, export) matches the included code (scrapers for Google/Yelp, enrichment clients for Hunter/Apollo/Dropcontact/ZeroBounce/Twilio, deduplication, scoring, export, webhooks). Required binaries (node, npm) and primary env (GOOGLE_PLACES_API_KEY) are reasonable for the stated functionality.
- Instruction Scope (ok): SKILL.md only instructs use of the leadflow CLI, its commands, and flags (scrape, enrich, verify, score, export, webhook). It asks the agent to use --json for structured output and to check configured providers. Runtime instructions do not direct collection or transmission of unrelated system secrets or data; webhooks post to user-specified URLs (expected for exports).
- Install Mechanism (note): Install uses an npm package (node kind: leadflow), which is a standard, traceable registry install. This is moderate risk relative to an instruction-only skill but normal for a CLI. Minor packaging inconsistencies in the provided artifacts (package-lock.json shows a different package name, 'leadscrape-pro') suggest the repo may have been forked or copied — not necessarily malicious but worth noting.
- Credentials (ok): Only GOOGLE_PLACES_API_KEY is required; other provider keys (YELP, HUNTER, APOLLO, DROPCONTACT, ZEROBOUNCE, TWILIO) and proxy creds are optional and clearly justified by enrichment/verification and proxy usage for scraping. No unrelated cloud or system credentials are requested.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated platform privileges. It installs a CLI binary (normal for a node package). There is no code in the provided files that attempts to modify other skills or system-wide agent settings.
