ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Enrich Industry

v1.0.0

Backfill contact-level industry from associated company records using a HubSpot workflow. Enables industry-based segmentation for targeted campaigns aligned...

0· 99·0 current·0 all-time
by@tomgranot

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tomgranot/enrich-industry.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Enrich Industry" (tomgranot/enrich-industry) from ClawHub.
Skill page: https://clawhub.ai/tomgranot/enrich-industry
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install enrich-industry

ClawHub CLI

Package manager switcher

npx clawhub@latest install enrich-industry
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name, description, SKILL.md, and included scripts all align with a HubSpot 'enrich industry' workflow and verification. However the registry metadata declares no required environment variables or primary credential, while both SKILL.md and the shipped scripts expect an API token — this mismatch is incoherent and means the skill as-published omits a required secret. The scripts themselves do not request unrelated services or credentials, so functionality is appropriate but the metadata is incomplete/misleading.
!
Instruction Scope
SKILL.md describes creating a HubSpot workflow and includes small SDK examples, which is fine. But the included Python scripts (before.py/after.py) will be run to audit/enforce changes and they: 1) call HubSpot APIs, 2) read a .env file from the repository parent (load_dotenv(..., '../.env')), and 3) write CSV files locally. Loading ../.env is not documented in SKILL.md and can cause the script to load unrelated secrets from the agent environment; plus SKILL.md uses a different env variable name (HUBSPOT_API_TOKEN) in one snippet while scripts require HUBSPOT_ACCESS_TOKEN, creating ambiguity about what credential to provide.
Install Mechanism
There is no install spec (instruction-only), which reduces install-time risk. The scripts declare dependencies in comments (requests, python-dotenv) but there's no packaged installer; running them will require pip installing those packages. No external downloads or obscure URLs are used in the code — only calls to api.hubapi.com — so install risk is moderate/transparent but undeclared.
!
Credentials
Network access to HubSpot via a single API token is appropriate for the stated purpose. However: 1) the repository metadata does not declare the required HUBSPOT_ACCESS_TOKEN, 2) SKILL.md uses a different name (HUBSPOT_API_TOKEN) in a snippet, and 3) the scripts explicitly load ../.env which can pull any environment variables stored there (broader-than-needed exposure). These issues make credential handling unclear and potentially overbroad.
Persistence & Privilege
The skill is not flagged as always:true, does not request persistent system-wide privileges, and does not modify other skills' config. Autonomous invocation is allowed (platform default) but is not combined here with other red flags that would make that especially dangerous.
What to consider before installing
This skill appears to do what it says (create/verify a HubSpot workflow and run API-based audits) but the package has important inconsistencies you should resolve before use: - The code expects a HubSpot API token but the skill metadata does not declare any required env vars. The two places in the repo use different names (HUBSPOT_API_TOKEN in one SKILL.md snippet vs HUBSPOT_ACCESS_TOKEN in the scripts). Confirm which variable your environment should provide and update the skill metadata accordingly. - The Python scripts call only api.hubapi.com (no remote/personal endpoints), write CSVs locally, and require 'requests' and 'python-dotenv'. That behavior is consistent with the described purpose, but the scripts call load_dotenv('../.env') — which will read any .env file located at the repository root. Make sure you do not store unrelated secrets in that .env file and run these scripts in a controlled environment. - Use a HubSpot token with least privilege (only the scopes needed for reading/updating contacts/companies). Avoid using a full-owner token if not necessary. - If you plan to run these scripts via an agent, update the skill metadata to declare the required env var(s) and document how to provide them; consider removing or parameterizing the hard-coded .env path. If you cannot confirm or fix the env-variable mismatch and the .env usage, treat this skill as suspicious and avoid installing/running it in a sensitive environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk978dynn9zm3y9600mvwdfxz3183n6em
99downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@tomgranot
latest
Download

Enrich Contact Industry from Associated Company

Copy industry data from company records to their associated contacts. In a typical B2B CRM, company records have industry populated at high rates (80-90%) while contact records have almost none. This workflow bridges that gap automatically.

Why This Matters

Without industry on contact records, you cannot segment email campaigns by vertical. For B2B companies targeting specific industries, this makes the difference between spray-and-pray email blasts and targeted, relevant messaging. Industry data on contacts also feeds ICP tier classification and lead scoring models.

Prerequisites

  • HubSpot Marketing Hub Professional or Sales Hub Professional (for Workflows)
  • Company name enrichment (enrich-company-name skill) should be completed first, as it may trigger new company associations
  • Access to Settings > Properties to verify/create the contact Industry property

Plan

  1. Verify the contact Industry property exists and is compatible with the company Industry property
  2. Audit how many contacts can be enriched (before state)
  3. Build a workflow that copies industry from the associated company
  4. Verify enrichment results (after state)

Before State

Check Property Compatibility

This is the most important pre-step. Contacts may have TWO industry properties: industry and industry_name. You must verify which one HubSpot uses for lists and reports.

  1. Go to Settings > Properties > Contact properties
  2. Search for "Industry"
  3. Note ALL industry-related properties on the contact object
  4. Check which property is used in existing lists, reports, and workflows
  5. The target property must be compatible with the company Industry property:
    • If both are dropdown select: option values must match exactly (same spelling, same case)
    • If the contact property is single-line text: it will accept any value (safest option)
    • If unsure, use single-line text to avoid copy failures

If no contact Industry property exists, create one:

  • Object: Contact
  • Group: Contact information
  • Label: Industry
  • Field type: Dropdown select (copy all values from the company Industry property) OR Single-line text (accepts any value)

Audit Enrichment Opportunity

import os
from hubspot import HubSpot
from dotenv import load_dotenv

load_dotenv()
api_client = HubSpot(access_token=os.getenv("HUBSPOT_API_TOKEN"))

# Count contacts missing industry
result = api_client.crm.contacts.search_api.do_search(
    public_object_search_request={
        "filterGroups": [{
            "filters": [{
                "propertyName": "industry",
                "operator": "NOT_HAS_PROPERTY"
            }]
        }],
        "limit": 0
    }
)
print(f"Contacts missing industry: {result.total}")

Also create a HubSpot list to estimate enrichable contacts:

  • Filter 1: Contact Industry > is unknown
  • Filter 2: AND Associated company > Industry > is known
  • This count tells you how many contacts will actually be enriched

Execute

Create the Enrichment Workflow

This workflow is nearly identical to the company name enrichment workflow. If you already built that one, clone it and swap the property references.

  1. Go to Automation > Workflows > Create workflow
  2. Select Contact-based > Blank workflow
  3. Name: AUTO-ENRICH: Copy Industry from Company

Enrollment trigger:

  • Contact property > Industry > is unknown
  • AND Associated company > Industry > is known

Re-enrollment:

  • Enable re-enrollment on the same criteria. This ensures contacts that later get associated with a company are also enriched.

Action: Copy property

  • Copy FROM: Company > Industry
  • Copy TO: Contact > Industry

Activate:

  • Click Review > Turn on
  • Select Yes, enroll existing contacts

Note: Unlike the company name workflow, no delay is needed here. If the contact already has an associated company with industry data (checked by the enrollment trigger), the copy can happen immediately.

After State

Wait 1-2 hours for the workflow to process, then verify.

Script approach:

result = api_client.crm.contacts.search_api.do_search(
    public_object_search_request={
        "filterGroups": [{
            "filters": [{
                "propertyName": "industry",
                "operator": "NOT_HAS_PROPERTY"
            }]
        }],
        "limit": 0
    }
)
print(f"Contacts still missing industry: {result.total}")

Verification checklist:

  1. Contact industry count should jump from near-zero to tens of thousands
  2. The enrichment list (missing industry + has company association) should be near 0
  3. Spot-check 20+ contacts for accuracy:
    • Open the contact record
    • Verify the Industry field shows a value
    • Click the associated company and confirm the industry matches
  4. Check that the industry distribution on contacts roughly mirrors the company industry distribution
  5. Check workflow history for failures — most common is property value mismatch (company has a value that does not match a dropdown option on the contact)

Key Technical Learnings

  • Two industry properties can exist. Some HubSpot portals have both industry and industry_name on contacts. Verify which one is authoritative before building the workflow. Writing to the wrong one means your lists and reports will not see the data.
  • Dropdown value matching is case-sensitive and exact. If the company Industry has "Healthcare" and the contact Industry dropdown has "healthcare" (lowercase), the copy will fail. Ensure values match exactly.
  • Consider consolidating similar industries. Many CRMs have overlapping values like "Healthcare" and "Hospital & Health Care". For segmentation, consider creating a separate "Industry Group" property that maps similar values into broader categories. This is optional but improves list usability.
  • This does not overwrite existing values. The enrollment trigger requires "Industry is unknown", so contacts that already have industry data are not affected.
  • If using a text field instead of dropdown: Enrichment works, but you lose the ability to filter by exact dropdown values in lists. You can convert to a dropdown later but will need to clean up inconsistent text values first.
  • Run this after company name enrichment. Company name enrichment may trigger new company associations, which increases the number of contacts eligible for industry enrichment.
  • Clone the company name workflow. The structure is nearly identical. Clone it in HubSpot and swap the property references to save time.

Comments

Loading comments...