ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dievio Lead Search API

v1.0.3

Run Dievio lead search and LinkedIn lookup workflows through the public API with correct authentication, filters, pagination, and credit-aware handling. Use...

0· 379·0 current·0 all-time
by@hundevmode
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, README, SKILL.md, and the included Python CLI all consistently implement Dievio lead search and LinkedIn lookup via POST to dievio.com endpoints. The only mild inconsistency: registry metadata lists source/homepage as unknown/none while SKILL.md/README provide a GitHub URL and dievio.com homepage — worth verifying but not suspicious by itself.
Instruction Scope
SKILL.md instructs the agent to authenticate with DIEVIO_API_KEY, build request payloads, paginate, and handle errors. The bundled script implements those steps and only reads local JSON body files and the DIEVIO_API_KEY environment variable; it does not attempt to read other system files or unrelated environment variables. SKILL.md warns not to print secrets and notes raw output may include emails/phones.
Install Mechanism
No install spec; skill is instruction-only with a small Python script included. No downloads from arbitrary URLs or archive extraction are present. Risk from installation is low (script runs from disk if executed).
Credentials
Only requires a single API key (DIEVIO_API_KEY), which is appropriate for an API-integration skill. The script allows an --api-key override and otherwise reads os.getenv('DIEVIO_API_KEY'); no other credentials or secrets are requested or accessed.
Persistence & Privilege
Skill does not request persistent/always-on inclusion (always: false) and does not modify other skills or system-wide settings. It can be invoked autonomously by the agent (default behavior) but that is expected for a callable skill; no elevated privileges requested.
Assessment
This skill appears to do what it claims: it calls Dievio endpoints and needs only DIEVIO_API_KEY. Before installing: (1) verify the publisher/repo (SKILL.md references a GitHub repo but registry metadata lacks a homepage/source), (2) only provide an API key you trust and, if possible, a limited-scope or test key, (3) avoid using --raw-output unless you need full rows (it can include emails/phones/PII and could be logged), and (4) be aware the skill will perform network requests to dievio.com and will consume your Dievio credits. If you need stronger safety, restrict autonomous invocation or review the referenced GitHub repository to confirm code provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ebfbc3jk9bk3fmd8zpb084n81yfs2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvDIEVIO_API_KEY

Comments