Skill v1.0.0

ClawScan security

Lead List Builder Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 3:26 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's runtime instructions clearly require multiple external credentials and will collect/write contact data, but the registry metadata does not declare those requirements and the skill delegates to other skills — this mismatch and the sensitive data flows warrant caution.
Guidance
Do not install blindly. Key points to consider before using:
1) The SKILL.md requires multiple API keys and a Google service-account JSON, but the registry metadata does not declare these. Confirm the required credentials explicitly before giving access.
2) The agent will collect PII (emails, phones, owner names) and write it to a Google Sheet. Ensure you have legal/consent reasons to collect and store that data, and use a least-privilege service account (share only the target sheet, give narrow permissions).
3) The skill delegates to other specialized skills (serper-search, website-auditor, contact-enrichment, lead-scorer), which may themselves require additional keys or have different behaviors. Verify those skills are trustworthy.
4) Because the package contains no code files here, dependency installation is manual (pip list in the setup guide). Run installs in an isolated environment and review any third-party packages you add.
5) If you decide to proceed, prefer a dedicated Google service account with limited scope and do not reuse organization-wide credentials.
If you want higher assurance, ask the publisher for: a) an explicit manifest of required env vars and scopes, b) pointers to the other named skills, and c) a minimal reproducible implementation you can review.

Review Dimensions

Purpose & Capability
concern: The described capability (finding outdated websites, auditing, enriching contacts, and writing to Google Sheets) matches the actions described in SKILL.md and the reference docs. However, the registry metadata lists no required environment variables or credentials, while SKILL.md and the setup guide explicitly require multiple API keys and a Google service account file. That discrepancy is an incoherence: the declared package footprint (none) does not reflect the real credential/scope needs.
Instruction Scope
note: Instructions stay within the stated purpose (search Google, scrape/inspect sites, WHOIS and Hunter lookups, run PageSpeed checks, and write to a Google Sheet). The agent will collect personally identifiable information (emails, phone numbers, owner names) and send results to an external Google Sheet (requires a service account). These flows are expected for a lead builder but are sensitive and should be explicit up front.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code files. The included setup guide lists a pip install command for dependencies (requests, BeautifulSoup, Wappalyzer, gspread, etc.), which is sensible for the described tasks. Because there is no automated install step, nothing will be written or executed by the skill bundle itself, but the operator must install dependencies separately.
Credentials
concern: SKILL.md and the setup guide require multiple secrets: SERPER_API_KEY, PAGESPEED_API_KEY, HUNTER_API_KEY (optional), the Google Sheets name and the path to a service-account JSON (GOOGLE_CREDS_FILE), and optionally DataForSEO credentials. Those credentials are proportionate to the feature set, but the registry metadata lists no required env vars and no primary credential, which is a mismatch. The Google service-account JSON in particular is sensitive (full Sheet access if misconfigured) and should be explicitly declared and limited.
Persistence & Privilege
ok: The skill does not request permanent inclusion (always: false) and does not declare any mechanism to modify other skills or system-wide settings. It will invoke external services (Google Sheets, WHOIS, Hunter, PageSpeed) in the normal course of operation; autonomous invocation is allowed by default but is not combined here with elevated privileges.