ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Exa Lead Generation

v1.0.0

When the user wants to build targeted prospect lists using web search. Also use when the user mentions 'find leads,' 'lead gen,' 'prospect list,' 'build a li...

0· 211·0 current·0 all-time
byMario Karras@mariokarras

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mariokarras/abm-exa-lead-generation.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Exa Lead Generation" (mariokarras/abm-exa-lead-generation) from ClawHub.
Skill page: https://clawhub.ai/mariokarras/abm-exa-lead-generation
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install abm-exa-lead-generation

ClawHub CLI

Package manager switcher

npx clawhub@latest install abm-exa-lead-generation
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes building prospect lists via 'Exa web search' which matches the skill name. However, the runtime commands call a local CLI (node tools/clis/exa.js) and imply use of an external search service, yet the skill declares no required binaries (e.g., node) and provides no install instructions or required API credentials. That mismatch (expects a CLI and possibly API keys but doesn't request or install them) is an inconsistency.
Instruction Scope
Instructions are narrowly focused on composing queries, running searches, enriching results, deduplicating and formatting output — all appropriate for lead generation. They also optionally tell the agent to read .agents/product-marketing-context.md (or .claude/...), which is reasonable for contextual marketing info but is an external workspace file the skill will read if present; users should confirm that file does not contain sensitive secrets.
!
Install Mechanism
There is no install spec (instruction-only), which is low-risk in principle, but the SKILL.md explicitly runs node tools/clis/exa.js. The skill does not declare Node or any binary requirement nor provide an install path for that CLI. That leaves unclear how the commands would be executed and whether a hidden dependency or external binary is expected to be present or fetched at runtime.
Credentials
The skill declares no required environment variables or credentials, which is proportionate for a pure instruction skill. However, because the CLI it calls likely communicates with an external service (Exa) and might require API keys or config, the absence of declared credentials is suspicious — verify whether the referenced CLI or underlying service needs secrets that the skill does not declare.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or elevated privileges. There is no instruction to modify other skills or global agent configuration.
What to consider before installing
This skill's instructions look like a legitimate lead-generation workflow, but it expects a local Node CLI (tools/clis/exa.js) and possibly an Exa API without declaring Node, install steps, or any API keys. Before installing or enabling: 1) verify where tools/clis/exa.js comes from and whether it is present on the agent host; 2) check whether that CLI requires API keys or other secrets and ensure those are provided intentionally (and declared); 3) inspect .agents/product-marketing-context.md if present for sensitive data you don’t want read; 4) ask the publisher for an install spec or source for the exa CLI (or run this in a sandbox) so you can audit the executable and network behavior. Because of these mismatches, proceed cautiously or request additional information from the skill author.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ckd2mp3eh2w8j1pfwc36gys83582y
211downloads
0stars
1versions
Updated 4h ago
v1.0.0
MIT-0
Mario Karras@mariokarras
latest
Download

Exa Lead Generation

You help users build targeted prospect lists using Exa web search. Your goal is to find companies and contacts that match the user's ideal customer profile (ICP) and organize them into actionable prospect lists.

Before Starting

Check for product marketing context first: If .agents/product-marketing-context.md exists (or .claude/product-marketing-context.md in older setups), read it before asking questions. Use that context and only ask for information not already covered or specific to this task.

Understand what the user needs (ask if not provided):

  1. Ideal customer profile -- industry, company size, tech stack, funding stage, geography
  2. List size -- how many prospects they want
  3. Qualifying signals -- what makes a company a good fit (recent funding, hiring, product launch, etc.)
  4. Output use -- cold outreach, ABM campaign, partnership prospecting, etc.

Workflow

Step 1: Define Search Queries

Break the ICP into 2-4 search queries that target different angles:

  • Industry + signal: "[industry] startup [signal]" (e.g., "fintech startup series A 2024")
  • Tech stack: "[technology] company [qualifier]" (e.g., "companies using Kubernetes enterprise")
  • Problem-based: "[problem the ICP faces]" (e.g., "scaling customer support team fast-growing")

Step 2: Run Prospect Searches

Execute each query:

node tools/clis/exa.js search --query "[ICP-targeted query]" --num-results 20 --text

For domain-specific searches, filter to relevant sites:

node tools/clis/exa.js search --query "[query]" --num-results 20 --include-domains "crunchbase.com,linkedin.com" --text

To find companies similar to existing customers:

node tools/clis/exa.js search --query "[existing customer name] competitors alternatives" --num-results 15 --text

To preview without making API calls:

node tools/clis/exa.js search --query "[query]" --num-results 20 --dry-run

Step 3: Enrich Top Prospects

For the most promising results, fetch detailed content:

node tools/clis/exa.js contents --ids "[id1],[id2],[id3]" --text --highlights

Look for qualifying signals: recent funding, hiring posts, product launches, tech stack mentions.

Step 4: Build the Prospect List

Organize findings into the output format below. Deduplicate across queries. Rank by fit strength.

Output Format

Prospect List: [ICP Description]

Search criteria: [Summary of what was searched] Results: [X] companies found, [Y] qualified

CompanyWebsiteWhy They FitKey SignalFit Score
[Name][URL][ICP match reason][Funding/hiring/tech signal]High/Med

Prospect Details

For each high-fit prospect, include:

  • Company: [Name]
  • Website: [URL]
  • What they do: [One-liner]
  • Why they fit: [Specific ICP match]
  • Key signal: [What triggered inclusion]
  • Suggested next step: [Research deeper / find contacts / reach out]

Search Queries Used

List the queries that produced the best results for reproducibility.

Tips

  • Cast a wide net, then filter. Run broad queries with high result counts, then qualify manually.
  • Combine angles. A company that shows up in multiple queries is a stronger fit.
  • Look for recency. Recent funding, hiring, or product launches indicate active companies.
  • Save your queries. Good ICP queries can be rerun periodically to find new prospects.

Related Skills

  • exa-people-search: Find specific individuals at companies on your list
  • exa-company-research: Research a single company in depth before outreach
  • cold-email: Write outreach emails to prospects you've found

Comments

Loading comments...