Skill v1.0.0

ClawScan security

Lead Gen Pipeline · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Apr 4, 2026, 10:03 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions require deploying demo sites to a VPS and sending Gmail pitches but the package declares no credentials or install steps — this mismatch is a red flag and needs clarification before use.
Guidance
This skill automates web scraping, builds demo sites using real business names/phones, deploys those sites to a VPS, and sends personalized cold emails — but it declares no credentials or install steps. Before installing: 1) Ask the publisher which VPS credentials/SSH keys and which Gmail account the skill will use and how those are supplied; refuse to give your primary accounts until you verify. 2) Require the agent to run in interactive/manual mode for the first runs (no automatic emailing or deployment) and review each demo and email before send. 3) Use disposable/test VPS and a throwaway Gmail account to validate behavior and rate-limiting. 4) Verify the referenced site-cloner and gog (Gmail) skills: inspect their permissions and credential handling. 5) Be aware of privacy and legal risks (storing scraped PII in leads.md, unsolicited emails/anti-spam laws, trademark/impersonation risks). 6) If you cannot identify who runs or maintains this skill (source unknown, no homepage), treat it with extra caution — the missing credential declarations and cross-skill calls are the main red flags.

Review Dimensions

Purpose & Capability
concern: The skill claims to find leads, build demo HTML sites, deploy them to a VPS, and send Gmail pitch emails. Those capabilities legitimately require access to external accounts (VPS credentials, an email account) and possibly other skills (site-cloner, gog). However, the package declares no required environment variables, credentials, binaries, or install steps. That is inconsistent: deployment and automated email sending normally require explicit credential/config declarations.
Instruction Scope
concern: SKILL.md instructs the agent to: run web_search and web_fetch to scrape business contact info, generate demo sites using real business names/phones, save them to demo-sites/, deploy to a VPS (using another skill's 'VPS deploy pattern'), and send personalized cold emails via the gog (Gmail) skill. These are broad actions (web scraping, storing PII in leads.md, remote deployment, sending outbound email). The instructions reference cross-skill actions and external endpoints but do not limit or describe required permissions, nor do they require explicit user confirmation before sending messages — giving the agent wide discretion.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files. That minimizes disk-write/install risk. There are no download URLs or packaged binaries to evaluate.
Credentials
concern: No environment variables or primary credentials are declared, yet the workflow depends on: VPS credentials (or SSH keys) to deploy demo sites, and Gmail (or an email-sending credential) to send pitches. The skill also writes and reads ~/workspace/leads.md (which will contain scraped PII). The lack of declared credential requirements is disproportionate and hides what secrets the agent will need or attempt to use.
Persistence & Privilege
note: always:false (normal). Autonomous invocation is allowed (disable-model-invocation:false), so if installed the agent could automatically perform multi-step actions (scraping, deploying, emailing) without further prompts. That autonomous ability combined with the undeclared credential needs increases operational risk and potential for unintended mass emailing or unauthorized deployments; proceed with controls (explicit prompts, test account) if you install.