Skill v1.0.0
ClawScan security
High Intent Lead Finder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 4, 2026, 9:07 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions require external service tokens and broad web scraping (Apify, InVideo, Claude), but the published metadata does not declare any required credentials or install steps. That mismatch, together with the wide external access, raises coherence and data-handling concerns.
- Guidance: This skill's description and runtime instructions clearly need API tokens (Apify, InVideo, and likely a Claude key) and will perform broad web scraping and content generation, but the published metadata does not declare those credentials. Before installing or providing secrets, ask the publisher: (1) exactly which credentials are required and why, (2) whether the skill will transmit or store those tokens and where, (3) whether the skill will automatically send outreach (emails, DMs, videos) or only generate drafts for review, (4) how scraped personal data is retained, logged, or shared, and (5) what rate limits and legal compliance steps (LinkedIn ToS, Crunchbase, Twitter/X, G2) are in place. If you proceed, prefer tokens with minimum scopes, test in a sandbox account, and require manual approval before any outbound contact is sent. If the publisher cannot clarify how credentials are handled or refuses to list required env vars in the metadata, consider this a blocking issue.
Review Dimensions
- Purpose & Capability (concern): The skill claims to use Apify, InVideo AI, and Claude to scrape many sources and produce personalized outreach. That purpose legitimately requires API credentials and network access to those services, yet the registry metadata lists no required env vars, primary credential, or install steps. The absence of declared credentials (Apify token, InVideo API key, Claude key) is inconsistent with the described functionality.
- Instruction Scope (concern): SKILL.md explicitly instructs scraping LinkedIn posts/jobs, Crunchbase, Twitter/X, Google News, Reddit, and G2/Trustpilot, using Wappalyzer to detect tech changes, then generating outreach and videos. The instructions do not ask the agent to read local files, but they do require broad network scraping and use of third-party APIs. The file includes example inputs containing 'apify_token' and 'invideo_api_key', but the skill metadata does not declare these as required, an operational and disclosure gap that could lead to hidden prompts to provide secrets at runtime.
- Install Mechanism (ok): This is an instruction-only skill with no install spec or code files, so it does not write binaries or archives to disk. That reduces installation risk; however, runtime network calls to external services still create an operational risk surface.
- Credentials (concern): Although the metadata declares no required environment variables, SKILL.md demonstrates clear runtime dependencies on secrets (e.g., 'apify_token', 'invideo_api_key', and implicitly a Claude credential). Requiring multiple third-party credentials for scraping and AI generation is reasonable for the stated purpose, but the omission from declared requirements is a red flag: users may be prompted to paste sensitive tokens without clear disclosure of what will be stored or transmitted.
- Persistence & Privilege (ok): The skill does not request 'always: true' and does not claim to modify agent-wide settings or other skills. Autonomous invocation is enabled by default, which is not exceptional here. No config paths are requested. Given the other concerns, monitor whether the skill will be allowed to perform outbound actions (send outreach) autonomously.
