ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lead Gen Pipeline

v1.0.0

Full automated lead generation pipeline for web design agencies. Finds local businesses without websites or with broken sites, builds demo HTML sites for the...

0· 25·0 current·0 all-time
by@michelle447
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to find leads, build demo HTML sites, deploy them to a VPS, and send Gmail pitch emails. Those capabilities legitimately require access to external accounts (VPS credentials, an email account) and possibly other skills (site-cloner, gog). However the package declares no required environment variables, credentials, binaries, or install steps. That is inconsistent: deployment and automated email sending normally require explicit credential/config declarations.
!
Instruction Scope
SKILL.md instructs the agent to: run web_search and web_fetch to scrape business contact info, generate demo sites using real business names/phones, save them to demo-sites/, deploy to a VPS (using another skill's 'VPS deploy pattern'), and send personalized cold emails via the gog (Gmail) skill. These are broad actions (web scraping, storing PII in leads.md, remote deployment, sending outbound email). The instructions reference cross-skill actions and external endpoints but do not limit or describe required permissions, nor do they require explicit user confirmation before sending messages — giving the agent wide discretion.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes disk-write/install risk. There are no download URLs or packaged binaries to evaluate.
!
Credentials
No environment variables or primary credentials are declared, yet the workflow depends on: VPS credentials (or SSH keys) to deploy demo sites, and Gmail (or an email-sending credential) to send pitches. The skill also writes and reads ~/workspace/leads.md (which will contain scraped PII). The lack of declared credential requirements is disproportionate and hides what secrets the agent will need or attempt to use.
Persistence & Privilege
always:false (normal). Autonomous invocation is allowed (disable-model-invocation:false), so if installed the agent could automatically perform multi-step actions (scraping, deploying, emailing) without further prompts. That autonomous ability combined with the undeclared credential needs increases operational risk and potential for unintended mass emailing or unauthorized deployments; proceed with controls (explicit prompts, test account) if you install.
What to consider before installing
This skill automates web scraping, builds demo sites using real business names/phones, deploys those sites to a VPS, and sends personalized cold emails — but it declares no credentials or install steps. Before installing: 1) Ask the publisher which VPS credentials/SSH keys and which Gmail account the skill will use and how those are supplied; refuse to give your primary accounts until you verify. 2) Require the agent to run in interactive/manual mode for the first runs (no automatic emailing or deployment) and review each demo and email before send. 3) Use disposable/test VPS and a throwaway Gmail account to validate behavior and rate-limiting. 4) Verify the referenced site-cloner and gog (Gmail) skills: inspect their permissions and credential handling. 5) Be aware of privacy and legal risks (storing scraped PII in leads.md, unsolicited emails/anti-spam laws, trademark/impersonation risks). 6) If you cannot identify who runs or maintains this skill (source unknown, no homepage), treat it with extra caution — the missing credential declarations and cross-skill calls are the main red flags.

Like a lobster shell, security has layers — review code before you run it.

agencyvk976z8bb9cq4c4vhsfg9pzk51x846w8zlatestvk976z8bb9cq4c4vhsfg9pzk51x846w8zleadsvk976z8bb9cq4c4vhsfg9pzk51x846w8zoutreachvk976z8bb9cq4c4vhsfg9pzk51x846w8zweb-designvk976z8bb9cq4c4vhsfg9pzk51x846w8z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments