Lead Scorer

Pass. Audited by ClawScan on May 10, 2026.

Overview

This skill appears to perform the advertised lead-scoring work, with cautions about web-fetching behavior and dependency setup rather than evidence of malicious behavior.

This skill is reasonable to use if you are comfortable with a local script making outbound DNS and website requests to lead domains. Use normal rate limits, install dependencies from a trusted environment, and consider tightening URL-following and HTTPS verification before running it on large or untrusted lead lists.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A website being scored could cause the script to make additional outbound requests to sitemap locations it declares, which may be surprising in restricted network environments.

Why it was flagged

The scraper follows sitemap URLs discovered from a target site's robots.txt. This is normal for sitemap parsing, but those URLs are not visibly limited to the originally requested domain.

Skill content

if line.lower().startswith("sitemap:"):
    sitemap_url = line.split(":", 1)[1].strip()
    if sitemap_url and sitemap_url not in urls_to_try:
        urls_to_try.insert(0, sitemap_url)
...
result = fetch_url(url)

Recommendation

Run it in an environment where outbound web crawling is acceptable, and consider adding scheme and host allowlisting if scoring untrusted or large lead lists.

What this means

Network attackers or misconfigured proxies could spoof site content and affect lead scores, though the artifacts do not show credential handling or exfiltration.

Why it was flagged

The visible HTTP helper disables HTTPS certificate and hostname verification for fetched pages.

Skill content

ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE

Recommendation

Keep HTTPS verification enabled by default, or make insecure fetching an explicit user option with a warning.

What this means

The installed package version may vary over time or across machines.

Why it was flagged

The dependency is installed manually without a pinned version or lockfile in the provided artifacts.

Skill content

pip3 install dnspython

Recommendation

Install from a trusted Python environment and prefer a pinned requirements file for repeatable setup.