Contact Finder
v0.1.0
Find professional emails and contacts from a name + company/domain using SerpAPI + OpenAI GPT-4o-mini.
MIT-0
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's stated purpose (find professional emails via SerpAPI + OpenAI) matches the code and instructions. However, the registry metadata declares no required environment variables or primary credential, while both the SKILL.md and the script require SERPAPI_KEY and OPENAI_API_KEY (and optionally BRAVE_API_KEYS). This omission in the registry metadata is an inconsistency that users should notice before installing or using the skill.
Instruction Scope
The SKILL.md and the script instruct the agent to run searches (SerpAPI or Brave), collect snippets, and send those snippets to OpenAI to extract/validate contacts; they also generate pattern-based guesses. The instructions do not attempt to read unrelated local files or other secrets. The agent will transmit collected search snippets (which can contain PII) to external APIs as part of normal operation — this is expected for the stated purpose but is a privacy consideration.
Install Mechanism
There is no install spec (instruction-only skill) and the SKILL.md suggests pip3 install openai requests. No archive downloads or obscure install URLs are used. Risk from the install mechanism is low.
Credentials
The skill legitimately requires SERPAPI_KEY and OPENAI_API_KEY (and optionally BRAVE_API_KEYS) to function — those are proportionate to the task. However, the registry metadata did not list these required env vars or a primary credential, which is inconsistent and makes it easy to overlook that sensitive keys are needed. Additionally, the script logs a Brave key snippet in warnings (it prints key[:10]...), which could reveal partial key material to logs/monitors.
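One way to keep the partial-key warning described above out of logs, as an added example (not the skill's own code): a `logging` filter that masks the configured keys and any leading fragment of them, since a filter matching only the whole key would miss a `key[:10]` snippet. The comma-separated format of `BRAVE_API_KEYS`, the six-character minimum fragment, the sample key and the logger name are assumptions.

```python
import io
import logging
import os

# Names come from the scan above; comma-separated BRAVE_API_KEYS is an assumption.
SECRET_ENV_VARS = ("SERPAPI_KEY", "OPENAI_API_KEY", "BRAVE_API_KEYS")
MIN_PREFIX = 6  # assumed shortest leading fragment of a key worth masking

def secrets_from_env(environ=os.environ):
    values = []
    for name in SECRET_ENV_VARS:
        values += [v.strip() for v in environ.get(name, "").split(",") if v.strip()]
    return values

class SecretRedactor(logging.Filter):
    """Mask whole secrets and leading fragments of them (e.g. key[:10])."""
    def __init__(self, secrets):
        super().__init__()
        self.secrets = [s for s in secrets if len(s) >= MIN_PREFIX]

    def redact(self, text):
        for secret in self.secrets:
            head, out, pos = secret[:MIN_PREFIX], [], 0
            while (i := text.find(head, pos)) != -1:
                n = MIN_PREFIX
                # Extend the match for as long as the text keeps following the secret.
                while n < len(secret) and i + n < len(text) and text[i + n] == secret[n]:
                    n += 1
                out.append(text[pos:i] + "[REDACTED]")
                pos = i + n
            text = "".join(out) + text[pos:]
        return text

    def filter(self, record):
        # Format first, then redact, so secrets passed as %-args are covered too.
        record.msg, record.args = self.redact(record.getMessage()), ()
        return True

def demo():
    key = "BSA-constructed-key-0123456789"  # constructed sample, not a real key
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(SecretRedactor(secrets_from_env({"BRAVE_API_KEYS": key})))
    logger = logging.getLogger("contact_finder_demo")  # hypothetical logger name
    logger.addHandler(handler)
    logger.warning("Brave key %s... rate limited", key[:10])
    logger.removeHandler(handler)
    return stream.getvalue()

if __name__ == "__main__": print(demo(), end="")
```

The filter only covers messages emitted through `logging`; output written with `print` bypasses handlers and filters.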
Persistence & Privilege
The skill does not request always:true, does not modify system/other-skill configs, and has no install step that writes persistent binaries. It runs on demand and does not request elevated platform privileges.
What to consider before installing
This skill appears to do what it says (search public sources and use GPT to extract/validate contact info), but the registry omitted the required API keys — you must supply SERPAPI_KEY and OPENAI_API_KEY (and optionally BRAVE_API_KEYS) in your environment for it to work. Before installing or running: (1) review the included Python script yourself (it is present and readable) and confirm you're comfortable sending search snippets to OpenAI/SerpAPI/Brave; these snippets may contain personal data. (2) Use least-privilege API keys or billing/usage limits for OpenAI and SerpAPI to limit exposure and cost. (3) Consider running the script in an isolated environment (container) if you want to limit log exposure; note the script can print partial Brave keys in warnings. (4) Verify legal/compliance constraints (GDPR/consent) before mass-collecting or storing contact data. If you want to proceed, add the required env vars to the skill's configuration or shell only after understanding the privacy and billing implications.
Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
contact-finder
Find professional emails and contacts from a name + company/domain. Combines SerpAPI (Google Search) and OpenAI GPT-4o-mini to search, extract, and validate contacts.
Usage
python3 scripts/find_contacts.py --company "Acme Corp" --domain "acme.com" --name "John Doe"
python3 scripts/find_contacts.py --company "Stripe" --domain "stripe.com"
python3 scripts/find_contacts.py --company "OpenAI" --domain "openai.com" --name "Sam Altman" --output json
Options
| Flag | Description | Required |
|---|---|---|
| --company | Company name | ✅ |
| --domain | Email domain (e.g. acme.com) | ✅ |
| --name | Full name to search (optional) | ❌ |
| --output | Output format: table (default) or json | ❌ |
Output
Returns a list of contacts with:
- email — Found or guessed email address
- linkedin — LinkedIn profile URL (if found)
- title — Job title (if found)
- confidence — high/medium/low
Setup
pip3 install openai requests
Set credentials in environment or edit scripts/find_contacts.py:
- SERPAPI_KEY
- OPENAI_API_KEY
How It Works
- Search Google via SerpAPI: "name" site:domain email, LinkedIn profiles
- Generate common email format guesses (firstname@, f.lastname@, firstname.lastname@...)
- Use GPT-4o-mini to extract/validate emails from search snippets
- Score confidence based on source (direct find = high, pattern guess = low/medium)
References
See references/patterns.md for email pattern documentation and sources.
