Skill v1.0.0

ClawScan security

Lead Auto Scraper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 1:29 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's prose describes scraping leads (Google Places/geolocation), building sites, and sending emails, but the runtime instructions are vague and do not declare the API keys, SMTP credentials, or other configuration such an automation would actually require.
Guidance
This skill is internally inconsistent: it tells the agent to use Google Places and SMTP relays but does not declare the API keys or SMTP credentials it would need. Before installing, ask the publisher to: (1) provide a precise list of required environment variables (Google API_KEY, PLACES_KEY, SENDGRID_API_KEY or SMTP_USER/SMTP_PASS, etc.); (2) supply exact endpoints the skill will call and where harvested leads are stored; (3) describe data retention, consent and compliance (GDPR/CAN-SPAM) for scraping and emailing; (4) provide source code or an install spec so you can review how credentials are used/stored. If you must test the skill, avoid providing production credentials—use limited-scope/test accounts and restrict network access. Consider disabling autonomous invocation until you verify the implementation and credential handling.

Review Dimensions

Purpose & Capability
concern: The SKILL.md explicitly expects use of Google Maps/Places APIs and SMTP relays (SendGrid/Postmark), which require API keys and credentials, but the skill declares no required environment variables, primary credential, or config paths. That mismatch means the skill's declared requirements are not proportional to its stated purpose.
Instruction Scope
concern: Instructions are high-level and open-ended ("automates...on autopilot", "use geolocation APIs to gather leads"). They grant broad discretion to collect and process potentially sensitive personal or business data, but provide no limits, consent/terms guidance, or destination endpoints for harvested data. The vagueness could permit the agent to gather/aggregate PII or mass-send emails without safeguards.
Install Mechanism
ok: No install spec and no code files — instruction-only — so nothing is written to disk and there is no binary or archive download risk.
Credentials
concern: The skill names services that require secrets (Google API keys, SendGrid/Postmark API key, SMTP creds) but declares none. That omission is disproportionate: a functioning implementation would need those credentials. Missing declarations make it unclear what secrets the agent will ask for at runtime and where they will be used/stored.
Persistence & Privilege
ok: The always setting is false and there is no indication the skill requests persistent system-wide privileges or modifies other skills. However, because the skill enables outbound actions (API calls, emailing), you should be cautious about autonomous invocation given the other concerns.