Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Email Finder

Find email addresses for a domain by combining website scraping, search dorking, pattern guessing, DNS analysis, and SMTP verification. Use when prospecting...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name and description align with the included script: website scraping, DNS inspection, pattern guessing, and SMTP RCPT verification. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and the script instruct the agent to fetch site pages, query search-engine-like URLs, and perform SMTP RCPT checks against mail servers. Those actions are consistent with the stated purpose but are network-scanning behaviors with privacy/abuse implications. The code also disables HTTPS certificate validation when fetching pages (ssl.CERT_NONE / check_hostname=False), which is a security risk and unusual for a scraping tool and could mask MITM/network issues. SKILL.md encourages rate-limiting (good), but the script performs potentially sensitive external probes (SMTP) that could lead to abuse or IP blacklisting.
Install Mechanism
No install spec is included; dependencies are minimal and declared (dnspython). No downloads from arbitrary URLs or archives are present in the manifest.
Credentials
The skill requests no environment variables or credentials. The network access (HTTP/HTTPS, DNS, outbound SMTP on port 25) is proportional to the feature set but requires the user to ensure allowed egress in their environment.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills. Autonomous invocation remains possible (platform default) but is not combined with other red flags.
What to consider before installing
This skill appears to implement an email-finder tool that scrapes pages, reads DNS records, and probes mail servers via SMTP RCPT TO. Before installing or running it:

  1. Review the full script — the provided file in the manifest was truncated, so there may be hidden behavior in the omitted portion.
  2. Be aware SMTP verification performs active probes to other domains' mail servers (outbound port 25) and can trigger blacklisting or be considered intrusive—use --no-verify if you only need DNS/scraping.
  3. The fetch code disables HTTPS certificate validation (ssl.CERT_NONE), which is insecure; consider enabling cert checks or running in a controlled environment.
  4. Respect target sites' terms of service and robots.txt and avoid bulk runs; SKILL.md's rate-limiting guidance is helpful—follow it.
  5. Ensure you have permission for any large-scale or automated lookups, and run the tool from an environment where outbound SMTP/DNS traffic is allowed and won't affect other services.

If you want to proceed, request the full, untruncated source to audit before use.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1

SKILL.md

Email Finder

Discover email addresses associated with a domain using multiple methods.

How It Works

  1. Website Scraping — Fetches homepage, /contact, /about, /team pages and extracts emails via regex
  2. Search Dorking — Searches for published emails in directories and search engines
  3. Pattern Guessing — If a name is provided, generates common patterns (first@, first.last@, flast@, etc.)
  4. DNS Hints — Checks MX/SPF/DMARC records to identify the email provider
  5. SMTP Verification — Verifies all found/guessed emails using RCPT TO

Dependencies

pip3 install dnspython

Usage

Basic domain search

python3 scripts/find_emails.py example.com

With name for pattern guessing

python3 scripts/find_emails.py example.com --name "John Smith"

Skip SMTP verification

python3 scripts/find_emails.py example.com --no-verify

Options

  • --name "First Last" — Enable pattern guessing for a specific person
  • --no-verify — Skip SMTP verification step
  • --timeout SECONDS — Connection timeout (default: 10)

Output

JSON to stdout:

{
  "domain": "example.com",
  "provider": "Google Workspace",
  "mx": ["aspmx.l.google.com"],
  "spf": "v=spf1 include:_spf.google.com ~all",
  "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
  "emails_found": 2,
  "emails": [
    {
      "email": "info@example.com",
      "source": "scraped",
      "deliverable": "yes",
      "smtp_detail": "2.1.5 OK"
    },
    {
      "email": "john.smith@example.com",
      "source": "guessed",
      "deliverable": "catch-all",
      "smtp_detail": "2.1.5 OK"
    }
  ]
}

Source values

Value      Meaning
scraped    Found on the domain's website
searched   Found via search/directory lookup
guessed    Generated from name patterns
dns        Found in DNS records (DMARC reports, etc.)

Deliverable values

Value        Meaning
yes          Server accepted the recipient
no           Server rejected the recipient (invalid)
catch-all    Server accepts all addresses
unknown      Could not determine
not_checked  Verification was skipped

Rate Limiting

The script includes built-in rate limiting at every stage to protect your IP:

# Defaults: 0.5s between page fetches, 2s between SMTP checks, max 15 SMTP checks
python3 scripts/find_emails.py example.com --name "John Smith"

# Conservative settings for sensitive environments
python3 scripts/find_emails.py example.com --scrape-delay 1.0 --smtp-delay 4 --max-smtp-checks 8

# Just scrape, no SMTP (zero risk)
python3 scripts/find_emails.py example.com --no-verify

Options

  • --scrape-delay SECONDS — Pause between website page fetches (default: 0.5)
  • --smtp-delay SECONDS — Pause between SMTP verification checks (default: 2.0)
  • --max-smtp-checks N — Max SMTP verifications per run (default: 15). Remaining emails get not_checked status.

Why rate limiting matters

This tool hits both web servers and mail servers. Without rate limiting:

  • Web scraping — Aggressive crawling gets your IP blocked by WAFs (Cloudflare, etc.) and makes you look like a bot. Respectful delays avoid this.
  • SMTP verification — Mail servers flag IPs making rapid RCPT TO requests. Your IP can get blacklisted, affecting your ability to send real email.
  • Residential IPs are fragile — Unlike datacenter IPs, your home/office IP is shared across all your internet activity. Getting it blacklisted affects everything.

Guidelines for agents

Scenario                         Recommended approach
Single domain lookup             Defaults are fine
Domain + name pattern guessing   Defaults are fine (15 SMTP checks covers all patterns)
Multiple domains in sequence     Add 5-10s pause between domains. Don't run more than 20 domains/day
Just need the email provider     Use --no-verify — DNS-only, zero risk
Bulk prospecting (50+ domains)   Use a paid service (Hunter.io, Apollo) or spread across multiple days

Key principle: The script is designed for targeted lookups, not mass scraping. If you need to process hundreds of domains, use a dedicated service with proper IP reputation management.

Limitations

  • Website scraping depends on emails being visible in page source (won't find obfuscated/JS-rendered emails)
  • Search engines may block automated queries
  • SMTP verification requires outbound port 25 access
  • Catch-all domains accept all addresses — can't confirm real inboxes
  • Be respectful: the script adds delays between requests but don't run it in tight loops
