lemlist official

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Lemlist API documentation skill, but it gives an agent broad authority to send outreach, export lead/contact data, change records, and create external webhooks without clear confirmation or scoping safeguards.

Install only if you trust the publisher and are comfortable letting an agent operate your Lemlist account. Use a dedicated or least-privilege API key if available, start with test campaigns, and require explicit confirmation before sending messages, starting campaigns, deleting or changing data, exporting contacts/leads, changing unsubscribes, or creating webhooks to external URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill enables destructive and privacy-impacting actions such as deleting variables, managing unsubscribes, sending outbound messages, creating webhooks, and exporting lead/contact data, but it does not include any caution, confirmation, or least-privilege guidance. In an agent setting, lack of explicit warnings increases the risk of unintended destructive actions or unauthorized outreach/data export based solely on ambiguous user prompts.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The webhook documentation states verification is based on comparing a secret embedded directly in the JSON payload, rather than a cryptographic signature over the request. This is dangerous because anyone who learns or guesses the secret can forge webhook requests, and the docs do not clearly warn integrators that this mechanism provides weaker authenticity guarantees than HMAC-style signing.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **Email encoding** — `@` → `%40` in URL path params
- **Webhook auto-deletion** — 404/410 response silently removes the webhook
- **No rate limiting** — the public API does not throttle
- **Variable deletion** — `DELETE /leads/:id/variables` deletes vars, not the lead
- **Sync vs async export** — `/export` returns CSV directly, `/export/start` + poll for large volumes
- **Limits** — 100 items/page, 200 webhooks/team, 100 API keys/team
Confidence
84% confidence
Finding
`DELETE /leads/:id/variables`

VirusTotal

65/65 vendors flagged this skill as clean.
