Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Package
v1.0.0Automated lead generation pipeline that finds local businesses with weak/no websites, AI-generates custom demo sites, deploys to Vercel, and runs a 5-email c...
⭐ 0· 94·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's stated purpose (discover leads, generate sites, deploy, and send outreach) is coherent with the things it actually does, but the metadata omits several sensitive items the SKILL.md requires. Metadata lists GOOGLE_PLACES_API_KEY, GOOGLE_API_KEY, VERCEL_TOKEN, AGENTMAIL_API_KEY and node, yet the SKILL.md also references GOOGLE_SHEET_ID, ANTHROPIC_API_KEY, OPENAI_API_KEY, a GCP service-account JSON file path, and other env vars. The mismatch (declared vs used credentials/config) is an incoherence worth flagging.
Instruction Scope
The SKILL.md directs cloning a public GitHub repository and running `npm install` and Node scripts that will scrape websites, call Google APIs, deploy to Vercel, and send outreach via AgentMail. It also instructs saving a GCP service-account JSON to a specific path (~/.openclaw/workspace/gcp-service-account.json) and configuring cron/systemd to run the pipeline. Those instructions cause the agent/container to fetch and execute arbitrary remote code and store sensitive keys on disk — scope goes beyond a small helper and includes broad system and network activity.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the runtime instructions require `git clone` of an external repo and `npm install` — this downloads arbitrary code and dependencies from the network and writes them to disk. That is a high-risk install pattern unless the repository and exact release/commit are verified. The skill does not pin to releases or commit SHAs in the instructions.
Credentials
The skill asks for multiple sensitive credentials (Google Places/API keys, Vercel token, AgentMail API key) and implicitly requires additional secrets (Anthropic/OpenAI keys, Google Sheets ID, GCP service-account JSON) that are not declared in the manifest. These tokens grant broad capabilities (API access, deployment rights, ability to send emails) appropriate for the stated purpose but also carry abuse risk; the missing declarations and required on-disk service account key are disproportionate without explicit justification and least-privilege guidance.
Persistence & Privilege
always:false (good), but the instructions explicitly tell you to set up a poller as a systemd service or a cron job and to save service-account credentials on disk; this grants the pipeline persistent execution and ongoing ability to send emails and deploy sites. Autonomous invocation is allowed by default — combined with the other concerns this increases the blast radius. The skill does not request 'always:true', but it does guide installation of persistent processes.
What to consider before installing
This skill performs broad, sensitive operations (cloning and running remote code, storing a GCP service-account JSON on disk, deploying sites with your Vercel token, and sending mass outreach with AgentMail). Before installing or providing any secrets: 1) Inspect the repository and exact commit the instructions will clone; do not run `npm install` or scripts until you've reviewed package.json and the code. 2) Use least-privilege credentials: create dedicated API keys/tokens with minimal scopes (restrict Vercel token to a single project, create a Google Cloud service account with only Sheets/Places permissions), and rotate/delete them if you stop using the skill. 3) Store service-account keys securely (avoid leaving them in plaintext in home directories) and prefer ephemeral or hosted credentials. 4) Run the pipeline in an isolated test environment (container or throwaway VM) first. 5) Verify email templates and legal compliance for unsolicited outreach (CAN-SPAM, local laws) to avoid account suspension or legal risk. 6) Ask the skill author to update the registry metadata to list all required env vars and config paths, pin the repo to a release/commit, and provide a vetted install artifact. If you cannot audit the remote code yourself, treat this skill as high-risk and avoid providing production credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk9765qm2eady90gtvbfkcetn4s836qr5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🚀 Clawdis
Binsnode
EnvGOOGLE_PLACES_API_KEY, GOOGLE_API_KEY, VERCEL_TOKEN, AGENTMAIL_API_KEY