ClawHub

Gov Permit Scraper

Security checks across malware telemetry and agentic risk

Overview

This skill openly builds sales leads from public permit records, but it can automatically send cold emails to discovered contacts without a clear approval gate.

Install only if you intentionally want a cold-outreach automation tool. Run it with --dry-run first, inspect the generated CSV and recipient list, use a dedicated low-limit sending key, and add an explicit approval step before any emails are sent. Confirm applicable privacy, anti-spam, unsubscribe, suppression-list, and public-record-use requirements for every target jurisdiction and campaign.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill declares operational requirements for sensitive environment-backed capabilities such as Brave Search and Resend API keys, but the provided metadata does not declare corresponding permissions. That mismatch reduces transparency and can cause an agent or reviewer to underestimate what secrets and external actions the skill may use, which is risky in a workflow that scrapes, enriches, and emails third parties.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The description includes broad activation language like 'Use when' for generalized lead-generation and prospecting tasks, which can cause the skill to trigger in contexts beyond narrowly scoped government-permit scraping. In this case, over-broad routing is more dangerous because the skill performs enrichment and outreach, so accidental invocation could lead to collection of contact data and unsolicited email activity against unintended targets.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly describes automated outreach, follow-up sequences, and email sending to external parties without a prominent warning or consent checkpoint. This is dangerous because it enables third-party-impacting actions—unsolicited contact, repeat messaging, and potential compliance violations—within a scraping pipeline that turns public records into sales leads.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The document gives compliance guidance for cold email while covering only US CAN-SPAM and EU/UK GDPR, but it also makes broad legality claims such as 'B2B cold email IS legal' and 'Government permit data is public record — fully legal to use for outreach.' In a skill designed for automated lead generation and outreach from government records, users may reasonably treat this as generally applicable guidance and violate other jurisdictions' marketing, privacy, or anti-spam laws where consent or stricter notice rules apply.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file explicitly instructs users to enrich public permit records with email addresses and then automatically send outreach within 48 hours, but provides no privacy, consent, anti-spam, or terms-of-service safeguards. In the context of a lead-generation skill, this creates a real risk of facilitating unsolicited contact, non-compliant data processing, and abusive scraping/email workflows at scale.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The pipeline automatically sends outreach emails to discovered contacts as part of normal execution, with no explicit opt-in step, approval gate, recipient review, rate limiting, or compliance checks. In this skill's context, the behavior is especially risky because it operationalizes scraped public-record data into unsolicited outbound email, which can lead to spam, regulatory exposure, and unintended messaging to incorrect or personal addresses.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal