ClawHub

Leads Pro

Security checks across malware telemetry and agentic risk

Overview

This is a lead-generation template skill with real privacy and outreach cautions, but it does not show hidden data collection, automatic sending, exfiltration, persistence, or destructive behavior.

Use this only with lawfully obtained business contacts and review every outreach campaign manually. Add your own consent, opt-out, retention, and platform-rules checks before using CRM, Telegram, parsing, enrichment, or reactivation workflows. Inspect install.sh first; the package references .env.example, but that file was not present in the inspected artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly promotes optional CRM and Telegram integrations but omits any warning that business, lead, or contact data may be transmitted to third-party systems. In a lead-generation product, users are likely to process personal and commercial data, so failing to disclose data-flow and privacy implications can lead to unsafe deployment, overcollection, and unauthorized sharing of contact information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises lead search/parsing, segmentation of existing databases, qualification, and reactivation workflows without any privacy, consent, or lawful-use constraints. Because these features are specifically aimed at collecting and processing contact records, the missing safeguards materially increase the risk of misuse for unsolicited outreach, unlawful profiling, or handling personal data without authorization.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
The skill strongly hardcodes Russian/RF-market assumptions, data sources, and channel guidance without clear opt-in, jurisdiction checks, or region-specific compliance warnings. In a lead-generation skill, this can cause users to apply inappropriate outreach, scraping, or procurement-source tactics in the wrong legal or privacy context, increasing risk of noncompliant contact collection and messaging.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly supports lead discovery and enrichment from third-party sources such as LinkedIn, Apollo, Hunter.io, Google Maps, and industry directories, but provides no warning about privacy, consent, lawful basis, or handling of personal/contact data. This creates a real privacy and compliance risk because users may collect, enrich, and process personal data without understanding legal or organizational restrictions, especially when the skill normalizes broad multi-source aggregation.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill includes CRM export templates and automation blueprints for routing lead data into HubSpot, Salesforce, Pipedrive, n8n, and Zapier, but does not disclose that contact data may be transferred into external systems and workflows. This is dangerous because users may unintentionally propagate personal data across multiple platforms, increasing exposure, unauthorized sharing risk, and compliance failures if transfers are not reviewed and controlled.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill explicitly states "Без русского языка" (no Russian language), which imposes a language restriction without any user opt-in or contextual justification. In a lead-generation and sales workflow, this can cause the agent to refuse or degrade service for users/prospects based solely on language, creating unfair behavior and limiting safe, expected operation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are very broad, generic complaints such as 'нет клиентов' and 'реклама не работает', which can appear in ordinary discussion without indicating an intent to invoke lead-generation behavior. In an agent skill, weak activation boundaries can cause misfires, over-collection of business context, or unsolicited sales-style workflows on benign user input.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The onboarding explicitly instructs users to segment, qualify, score, and reactivate contact databases, which implies processing personal data and behavioral information without any privacy, consent, retention, or lawful-use guidance. In a lead-generation skill, this omission can directly encourage non-compliant handling of prospect data and outreach to individuals who may not have opted in.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow promotes automated warming sequences, outreach, and reactivation campaigns but does not warn about messaging compliance, consent, unsubscribe handling, or platform anti-spam restrictions. Because the skill is specifically designed for lead generation at scale, users are more likely to operationalize bulk messaging in a way that violates privacy and anti-spam requirements.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example explicitly instructs collecting, scoring, and storing personal contact channels such as Telegram, WhatsApp, email, and phone numbers in a CRM, but provides no privacy notice, lawful-basis guidance, consent checks, retention limits, or handling safeguards. In a lead-generation skill, this omission is material because it normalizes scraping and processing personal data from chats, maps, social platforms, and events without any compliance boundary, increasing risk of privacy violations and unlawful outreach.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger word "реактивируй" is overly broad and can activate the skill for many kinds of contact re-engagement requests without enforcing audience, consent, or channel constraints. In a lead-generation skill, this increases the chance the agent will generate mass outreach workflows for stale or non-consenting contacts, enabling spammy or privacy-invasive behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file provides a detailed mass-reactivation playbook for 120 Telegram contacts, including segmentation, message scripts, follow-ups, and conversion planning, but omits safeguards around consent, lawful basis, opt-out handling before first contact, and platform anti-spam constraints. In this context, the skill materially facilitates unsolicited outreach and misuse of contact history, creating privacy, compliance, and abuse risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs users to find leads and collect contacts for cold outreach, but provides no privacy, consent, lawful-basis, or data-handling guidance. In a lead-generation context, this can normalize scraping or processing personal/business contact data in ways that violate privacy laws, platform terms, or internal compliance requirements.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The quick-start exposes very broad activation phrases such as 'аватар:', 'квалифицируй:', and 'отчёт лиды' without any gating, scoping, or disambiguation rules. In a chat environment, short generic triggers can be invoked accidentally or by unrelated user text, causing the skill to activate in the wrong context, process unintended business data, or override a broader assistant workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal