B2B Lead Generation Scraper
WarnAudited by ClawScan on May 18, 2026.
Overview
This skill needs review because it asks for your LinkedIn browser session cookie and promotes high-volume scraping with detection-avoidance language.
Install only if you are comfortable giving the workflow a LinkedIn session cookie and running bulk scraping. Prefer a scoped, official API-based lead source, review the actual scraping code before use, set strict per-run limits, and delete raw lead files when no longer needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Providing this cookie could let the skill act through your LinkedIn session for scraping and may expose your account to misuse or restriction if the cookie is mishandled.
A raw li_at cookie is an active browser session, not a narrowly scoped API token. The registry metadata also declares no required env vars or primary credential, so this high-impact credential is under-disclosed and not clearly bounded.
| `LI_SESSION` | LinkedIn session cookie (`li_at` value from your browser) |
Avoid giving a raw browser session cookie unless you fully trust the workflow. Prefer official scoped APIs/OAuth, clearly declare the credential in metadata, limit what the agent can do with it, and revoke the session after use.
The agent may perform bulk authenticated scraping that could violate site protections, trigger account restrictions, or collect data outside the user's intended scope.
The skill combines headless browser automation with explicit detection-avoidance wording for bulk scraping. That is purpose-aligned for a scraper, but it is materially risky and not bounded by clear approval, source, or account-safety limits.
Chromium must be available on the host for Selenium headless mode ... Never scrape more than 200 profiles per hour to avoid detection
Require explicit per-run approval, define allowed sources and maximum volumes, respect site rules and robots/terms, and avoid workflows framed around evading detection.
A user or agent may need to supply or generate the actual scraping implementation, so the reviewed artifact does not show exactly what code will handle the LinkedIn cookie or scraped data.
The skill describes Python, Selenium, webdriver-manager, pandas, requests, and Chromium requirements in SKILL.md, but no reviewed code or installer is provided in the artifact set. This is a provenance/inspectability note rather than standalone proof of unsafe execution.
No install spec — this is an instruction-only skill.
Publish the implementation, dependency versions, and install instructions for review before using it with credentials or large-scale scraping.
Raw personal contact data may remain on disk after the run and could be reused, shared, or imported later without additional review.
The skill persists raw collected lead data locally before cleaning. This is expected for lead generation, but the artifact does not describe retention, deletion, access controls, or reuse limits.
Save raw data before cleaning in `data/raw/`
Set a clear output location, retention period, and deletion process for raw and cleaned lead files, and ensure collection and CRM import comply with applicable privacy obligations.