ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

badgebot

v1.0.0

Monitor a Slack channel for images/text of leads (badges, business cards), extract data, enrich with Apollo.io API, let Apollo auto-sync to HubSpot, search H...

0· 31·0 current·0 all-time
byMark Chen@mchensf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md describes a Slack→Apollo→HubSpot lead-processing pipeline which legitimately needs Slack, Apollo, and HubSpot credentials. However the registry lists no required env vars or primary credential while the instructions explicitly require reading tokens from specific files (e.g., ~/.openclaw/credentials/slack-bot-token, ~/.openclaw/credentials/apollo-api-key, ~/.openclaw/credentials/hubspot-api-key). That metadata mismatch is an inconsistency and should be explained by the publisher.
!
Instruction Scope
Instructions are detailed and mostly limited to the stated purpose (poll a specific Slack channel, download attachments to /tmp, call Apollo and HubSpot APIs, DM a hard-coded user, maintain a state file under ~/clawd). Concerns: (1) hard-coded Slack channel ID (C0AQAJ8VD8A), user ID (U03H7C6HW5B), and Portal ID (43856876) — indicates targeting a specific org; (2) instructions rely on reading credentials from files in the user's home without those files being declared in the registry; (3) the skill will read and write local state and log files which may contain identifiable lead data. These are within the task scope but require explicit disclosure.
Install Mechanism
No install spec and no code files — this is an instruction-only skill. That reduces some risk because nothing is downloaded or written by an installer step. The runtime instructions still perform network calls and file I/O.
!
Credentials
The runtime needs sensitive credentials (Slack bot token, Apollo API key, HubSpot token) — which are proportionate to the described integration. However the registry declares no required env vars or primary credential, and the SKILL.md requires tokens stored in specific local paths instead of declared env vars. Also the Apollo call sets reveal_personal_emails=true which requests personal contact data; users should confirm they have the legal/organizational right to enrich and store such data.
Persistence & Privilege
The skill does not request always:true and will not be force-included. It does persist state under ~/clawd/memory/slack-lead-scanner-state.json and write logs to memory/YYYY-MM-DD.md — behavior expected for a poller. It does not claim to modify other skills or system-wide agent settings.
Scan Findings in Context
[no-findings] expected: The regex scanner found no code files to analyze. This is consistent with an instruction-only skill, but it means the SKILL.md is the primary security surface to review.
What to consider before installing
Key things to consider before installing: 1) Metadata mismatch: ask the publisher why the registry lists no required credentials while the instructions require Slack, Apollo, and HubSpot tokens stored in specific files. Prefer skills that declare required credentials explicitly. 2) Least privilege: create dedicated, minimal-scope API tokens (Slack bot token limited to the single channel and DM actions, Apollo/HubSpot tokens scoped as narrowly as possible). Avoid using owner/global admin tokens. 3) Test in staging: run the skill in a non-production/test workspace and portal to verify behavior and that only intended messages are read/updated. 4) Inspect provenance: request source code or a homepage from the publisher (none is provided). Without source or a trusted publisher, exercise extra caution. 5) Data exposure and compliance: the skill enriches with personal emails (reveal_personal_emails=true) and stores lead data in local state and logs — ensure this matches your data-handling and privacy policies. 6) Rotation & monitoring: if you try it, use short-lived tokens where possible and rotate them after testing; monitor API call patterns and logs for unexpected activity. If the publisher cannot explain the missing metadata or provide source, treat the skill as higher risk and avoid installing it with privileged credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk9726vt24ez70rar7m4c6v4js184097y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments