DataMerge
v1.1.0Enrich companies and find B2B contacts using the DataMerge MCP server (mcp.datamerge.ai). Use when the user needs company firmographic data, validated contac...
⭐ 0· 356·1 current·1 all-time
byPoolside Ventures@poolside-ventures
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description align with the instructions: all steps reference the DataMerge MCP server (mcp.datamerge.ai) and DataMerge workflows (company enrichment, contact search, lookalikes, lists). There are no unrelated services, binaries, or config paths requested.
Instruction Scope
SKILL.md contains clear, scoped runtime instructions for calling the DataMerge API, polling jobs, and using credits. It does not instruct reading local files, unrelated env vars, or transmitting data to unexpected endpoints beyond app.datamerge.ai and mcp.datamerge.ai.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is downloaded or written to disk by an installer.
Credentials
The instructions require a DataMerge API key (explicitly mentioned), but the registry metadata lists no required env vars or primary credential. This is a minor inconsistency: the skill will need user-provided credentials at runtime even though none are declared in metadata.
Persistence & Privilege
always:false and no config paths requested. The skill does not request persistent system presence or elevated privileges. Model invocation is allowed (default), which is expected for a service integration.
Assessment
This skill appears to do what it says: it calls DataMerge APIs and requires the user's DataMerge API key. Before installing or using it: (1) Confirm you trust https://mcp.datamerge.ai and https://app.datamerge.ai and review their privacy/terms for sending contact/company data; (2) Note the registry metadata did not declare the API key — be clear how the key will be provided/stored and avoid entering a high-privilege or production key until tested; (3) Prefer using a limited/test API key or account and monitor credit usage; (4) Be cautious about sending sensitive PII (personal emails/phone numbers) to the service; (5) If you do not want the agent to call the external API autonomously, disable autonomous invocation or require user consent before actions. If you want higher assurance, ask the publisher to add a declared primary credential in the metadata and provide a privacy/data-handling statement.Like a lobster shell, security has layers — review code before you run it.
latestvk97879z6q5fbztcw54967gzz6x82aqvm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.