Lead Auto Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill clearly describes lead scraping and automated email outreach, but it lacks controls for consent, review, limits, opt-outs, and stopping future follow-ups.

Install only if you will add your own operational safeguards: use lawful and permitted lead sources, review every lead list and message before sending, set strict send limits, include unsubscribe or opt-out handling, define retention/deletion rules, and require explicit approval before any scheduled follow-up emails are sent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill describes autonomous lead scraping, website generation, and outbound email automation without any user-facing warnings, consent requirements, rate limits, or compliance guidance. In this context, omission of safeguards is dangerous because the workflow targets external parties and systems, creating privacy, spam, unauthorized data processing, and reputational risk if an agent executes it blindly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal