Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lead Gen Website Pipeline
v1.0.1
Automated lead generation pipeline that finds local businesses with weak/no websites, AI-generates custom demo sites, deploys to Vercel, and runs a 5-email c...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The declared purpose (find local businesses, build demos, deploy to Vercel, send outreach) aligns with the environment variables and binaries that appear in the SKILL.md (Google APIs, Vercel token, AgentMail, node). However the SKILL.md lists additional API keys and configuration (GOOGLE_SHEET_ID, ANTHROPIC_API_KEY, OPENAI_API_KEY, service account JSON path, etc.) that are not included in the registry 'requires.env' nor in 'required config paths'. That omission is an incoherence: the skill will in practice need more secrets/config than the metadata declares.
Instruction Scope
The SKILL.md instructs the user/agent to clone an external GitHub repo and run npm install and long-running poller/send scripts, to save a GCP service account JSON to a specific path (~/.openclaw/workspace/gcp-service-account.json), and to run cron/systemd services that automate scraping, deployments, and outbound emails. These instructions request access to sensitive credentials and persistent execution and also reference environment variables and files not declared in the registry metadata. The instructions also direct scraping and bulk email sending (potential legal/ethical risk) and will cause external code to be fetched and executed on the host.
Install Mechanism
The skill is instruction-only (no install spec), but SKILL.md tells you to git clone a GitHub repo and run npm install. That means installing and running third-party code from the repo at runtime; while GitHub is a common source, this is effectively an unreviewed download-and-execute flow. The registry metadata did not include an install spec or packaged code, so a manual review of the repo is required before running.
Credentials
The registry 'requires.env' lists four variables, but the SKILL.md and reference files require many more (GOOGLE_SHEET_ID, ANTHROPIC_API_KEY, OPENAI_API_KEY, AGENTMAIL_INBOX, VERCEL_PROJECT_NAME, FORM_EMAIL, BRAND_DOMAIN, and a GCP service-account JSON at a fixed path). Service account JSON is effectively a full GCP credential and is not declared in 'required config paths'. Requiring broad credentials (Google APIs + service account + Vercel token + AgentMail key + optional LLM keys) is proportionate to the pipeline's functionality but the mismatch/undisclosed items are a red flag: the metadata understates the actual credentials that will be needed and accessible.
Persistence & Privilege
The skill is not force-installed (always:false) and does not declare autonomous invocation restrictions, but the pipeline instructions explicitly create persistent pollers/cron jobs and long-running processes that will automatically discover leads, deploy sites, and send drip emails. Autonomous, persistent email-sending and deployment functionality increases blast radius if secrets are compromised, so users should treat the created services as high-privilege and run them in an isolated environment. The skill itself does not request 'always:true', but its recommended setup yields persistent privileged activity.
What to consider before installing
Proceed with caution. Before cloning or running anything:
1) Review the referenced GitHub repository code yourself (npm packages, scripts/send-outreach.js, poller scripts); do not run npm install blindly.
2) Expect to supply more secrets than the registry lists (Google Sheet ID, GCP service-account JSON, optional Anthropic/OpenAI keys, AgentMail inbox). Treat the GCP JSON and API tokens as sensitive; store them securely and use least-privilege service accounts.
3) Test in an isolated VM/container and run the pipeline in dry-run mode first (the README describes a --dry-run for outreach).
4) Be aware this automates scraping and cold emails (possible legal, spam, or terms-of-service issues); confirm this behavior is acceptable for your use case and compliant with local law and service TOS.
5) Consider restricting network/access (scoped service account, restricted tokens), rotate tokens after testing, and audit outgoing emails and deployed sites frequently.
6) Ask the publisher to update metadata to declare all required env vars and config paths (GOOGLE_SHEET_ID, GCP service-account path, optional LLM keys) so the risk surface is explicit.
Runtime requirements
Runtime: Clawdis
Bins: node
Env: GOOGLE_PLACES_API_KEY, GOOGLE_API_KEY, VERCEL_TOKEN, AGENTMAIL_API_KEY
