Skill v1.0.1
ClawScan security
lemlist official · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 21, 2026, 1:51 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to be a legitimate Lemlist API integration, but the package metadata does not declare the required API credential and the publisher/source are unknown — this mismatch and lack of provenance merit caution before installing.
- Guidance: This skill's instructions legitimately require a Lemlist API key, but the registry metadata omitted that requirement and the source/homepage are unknown — treat the publisher as unverified. Before installing: (1) verify the skill author or prefer an official source (homepage or repo); (2) provide only a Lemlist API key with minimal permissions and rotate/revoke it if you stop using the skill; (3) store the key securely (beware that adding it to ~/.openclaw/openclaw.json may make it accessible to other local tools/skills); (4) test the skill in a sandboxed agent or Docker environment and monitor Lemlist API usage for unexpected calls; (5) if you intend to receive webhooks, set and verify a webhook secret and host the webhook endpoint securely. The primary red flags are the metadata mismatch (no declared required env) and missing provenance — those are reasons to proceed cautiously rather than a clear indicator of malicious behavior.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md clearly requires a Lemlist API key (primaryEnv: LEMLIST_API_KEY) and describes how to authenticate and call Lemlist endpoints, which is coherent with the stated purpose. However, the registry metadata lists no required env vars and no primary credential; that is an internal inconsistency — the skill will not work without an API key, so the metadata is incomplete/misleading.
- Instruction Scope (note): The runtime instructions are focused on Lemlist API usage (endpoints, auth, examples) and instruct the user to add the API key to ~/.openclaw/openclaw.json or expose LEMLIST_API_KEY to the agent/docker sandbox. The instructions do ask to store the API key in the agent config file (persistence), but they do not instruct reading unrelated system files or exfiltrating data to third-party endpoints outside of Lemlist. Scoped to purpose but explicit about writing/storing the API key in agent config.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written by an installer. That is the lowest install risk.
- Credentials (concern): Functionality requires a single credential (LEMLIST_API_KEY), which is proportionate to the task. However, the registry metadata did not declare this required env var while the SKILL.md does — a mismatch. Also, instructions recommend storing the API key in ~/.openclaw/openclaw.json or passing it to Docker, which may expose the key to other local processes or skills if the config is broadly accessible; users should ensure the key is stored with appropriate protections and consider using a scoped/limited API key.
- Persistence & Privilege (ok): The skill does not request always:true and does not ask to modify other skills or system-wide settings. It does instruct the user to add the API key to the agent config (persistence limited to its own config entry), which is normal for an integration.
