Skill v1.0.0
ClawScan security
B2b Lead Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 9, 2026, 8:42 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are coherent with a B2B lead-hunting purpose, but they direct broad web scraping and personal-data extraction (LinkedIn connections, contact info, personality profiling) without declaring required credentials or safety/usage limits, which raises privacy, compliance, and operational concerns.
- Guidance: Before installing or enabling this skill, consider the following:
  - Data collection scope: The skill explicitly instructs scraping LinkedIn and other sites to extract connections, contact details, and to create personality profiles. This can involve collecting personal data (PII) and may violate site Terms of Service or privacy laws (e.g., GDPR) if done without consent.
  - Credentials and feasibility: The skill declares no credentials but expects data often behind login. Ask the author: how will authenticated access be handled? Never supply your personal LinkedIn credentials or cookies to a third-party skill without an explicit, auditable reason.
  - Legal and account risk: Automated scraping can lead to account suspension, legal risk, or IP blocking. Ask for explicit limits (rate limiting, obey robots.txt), and prefer using official APIs with proper authorization.
  - Privacy & minimization: Request clarity on what personal fields are collected, how long data is stored, who can access outputs, and whether PII is redacted. If you need leads, prefer configurations that limit collection to business contact info you are authorized to use.
  - Operational controls: Insist on logs of actions, explicit user confirmation before performing large-scale scrapes, and a safe mode that only uses publicly available company-level signals instead of extracting individual connection lists.

  If you proceed, do so cautiously: require the developer to document authentication requirements, data handling, and legal compliance; or run the skill in a constrained environment and monitor network activity. If these clarifications are not provided, treat the skill as high-risk and avoid providing any personal credentials or allowing it to autonomously perform wide-reaching web-scraping tasks.
Review Dimensions
- Purpose & Capability (note): The name/description match the instructions: identifying competitors, monitoring them, extracting their sales connections and generating BD materials is consistent. However, the runtime guidance expects access to LinkedIn connection lists and contact details that commonly require authenticated access or paid APIs, yet the skill declares no credentials or related environment variables, an implementation gap that should be explained.
- Instruction Scope (concern): SKILL.md directs broad, unfettered web searches and explicit scraping-like actions: visiting LinkedIn pages, extracting connection lists, gathering contact information, performing background research across multiple platforms, and producing personality profiles. There are no guardrails (rate limits, respect for terms-of-service/robots.txt, consent rules), no explicit prohibition on collecting sensitive personal data, and user data-handling/retention policies are not specified.
- Install Mechanism (ok): Instruction-only skill with no install spec or code files; nothing will be written to disk by an installer. This is low risk from an installation/remote-code perspective.
- Credentials (note): The skill requests no environment variables or credentials, but many tasks (LinkedIn connection extraction, contact retrieval) practically require authenticated access, API keys, or browser cookies. The absence of declared credentials is either an omission or implies the skill expects to operate only on public data; the distinction matters for privacy and feasibility.
- Persistence & Privilege (ok): always is false and the skill is user-invocable. It does not request permanent agent-wide presence or modify other skills. Normal autonomous invocation is allowed by platform defaults but not by this skill's metadata.
