ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lead Auto Scraper

v1.0.0

Automates lead discovery using geolocation and Google Places, builds dynamic sites, and sends personalized emails with automated follow-ups for effective out...

0· 328·0 current·0 all-time
bymandebiko@mandebiko5-star
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md explicitly expects use of Google Maps/Places APIs and SMTP relays (SendGrid/Postmark), which require API keys and credentials, but the skill declares no required environment variables, primary credential, or config paths. That mismatch means the skill's declared requirements are not proportional to its stated purpose.
!
Instruction Scope
Instructions are high-level and open-ended ("automates...on autopilot", "use geolocation APIs to gather leads"). They grant broad discretion to collect and process potentially sensitive personal or business data, but provide no limits, consent/terms guidance, or destination endpoints for harvested data. The vagueness could permit the agent to gather/aggregate PII or mass-send emails without safeguards.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk and there is no binary or archive download risk.
!
Credentials
The skill names services that require secrets (Google API keys, SendGrid/Postmark API key, SMTP creds) but declares none. That omission is disproportionate: a functioning implementation would need those credentials. Missing declarations make it unclear what secrets the agent will ask for at runtime and where they will be used/stored.
Persistence & Privilege
always is false and there is no indication the skill requests persistent system-wide privileges or modifies other skills. However, because the skill enables outbound actions (API calls, emailing), you should be cautious about autonomous invocation given the other concerns.
What to consider before installing
This skill is internally inconsistent: it tells the agent to use Google Places and SMTP relays but does not declare the API keys or SMTP credentials it would need. Before installing, ask the publisher to: (1) provide a precise list of required environment variables (Google API_KEY, PLACES_KEY, SENDGRID_API_KEY or SMTP_USER/SMTP_PASS, etc.); (2) supply exact endpoints the skill will call and where harvested leads are stored; (3) describe data retention, consent and compliance (GDPR/CAN-SPAM) for scraping and emailing; (4) provide source code or an install spec so you can review how credentials are used/stored. If you must test the skill, avoid providing production credentials—use limited-scope/test accounts and restrict network access. Consider disabling autonomous invocation until you verify the implementation and credential handling.

Like a lobster shell, security has layers — review code before you run it.

latestvk978sqw1jp5jve2j8azwfx9dm1826a0a
328downloads
0stars
1versions
Updated 2h ago
v1.0.0
MIT-0
mandebiko@mandebiko5-star
latest
Download

Lead Automation Skill

Overview

This skill automates the lead scraping, site building, and email sending process on autopilot. Designed to optimize workflows for generating leads and engaging potential clients effectively.

Implementation Steps

  1. Lead Discovery:

    • Utilize geolocation APIs to gather leads based on desired criteria.
    • Implement Google Places API for local searches to find businesses or individuals as leads.

  2. Site Generation:

    • Create websites using templates that allow for dynamic content injection.
    • Use a site builder framework that facilitates drag-and-drop features or pre-designed sections.

  3. Email Automation:

    • Set up SMTP relay through services like SendGrid or Postmark to ensure high deliverability of emails.
    • Craft personalized outreach emails with templates that can be auto-filled based on the lead's information.

  4. Follow-Up Sequence:

    • Establish a follow-up sequence that automatically re-engages leads after 7 days if there’s no response.
    • Use reminders and hooks to trigger emails with new offers or check-ins based on previous interactions.

Key Features

  • Automated lead generation and nurturing workflow.
  • Responsive site generation for enhanced client engagement.
  • Robust email campaigns with follow-up sequences to maximize outreach effectiveness.

Suggested Tools

  • Geolocation API (e.g., Google Maps API)
  • Google Places API for relevant local businesses
  • Template engines for website building
  • SMTP relay services (e.g., SendGrid, Postmark)

Result

This automation will create a unique and powerful tool for expanding reach and improving sales pipelines through consistent engagement and follow-ups.

Comments

Loading comments...