ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lead Discovery

v1.0.0

AI-driven lead discovery for B2B export. Searches web for potential buyers matching ICP, evaluates fit, and creates CRM records for follow-up.

0· 103·1 current·1 all-time
by@ipythoning·duplicate of @ipythoning/sdr-lead-discovery

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ipythoning/lead-discovery.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Lead Discovery" (ipythoning/lead-discovery) from ClawHub.
Skill page: https://clawhub.ai/ipythoning/lead-discovery
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install lead-discovery

ClawHub CLI

Package manager switcher

npx clawhub@latest install lead-discovery
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description align with the actions described (web search, website reading, scoring, adding CRM records). Using Jina.ai for search/reader is coherent with the stated purpose. However, the SKILL.md explicitly references a JINA_API_KEY and integration points (CRM, Supermemory, USER.md) that are not declared in registry metadata, which is unexpected and inconsistent.
!
Instruction Scope
Runtime instructions instruct the agent to run curl calls to Jina endpoints (requiring an API key), read company websites for contact info (emails, phone, WhatsApp), consult USER.md for ICP criteria, and store notes in 'Supermemory' and CRM. The skill asks the agent to access .secrets/env and user files (USER.md) and to create CRM records — none of these files, config paths, or CRM endpoints/credentials are specified in the registry. This grants broad discretion to read local files and send harvested contact data to unspecified external systems.
Install Mechanism
Instruction-only skill with no install spec or code files — minimal disk footprint. The only external network activity described is curl to jina.ai (a well-known service) which is expected for the task.
!
Credentials
SKILL.md requires a JINA_API_KEY (mentions .secrets/env and a link) but the registry lists no required env vars or config paths. The instructions also rely on CRM and Supermemory without declaring required credentials or endpoints. Missing declarations for credentials and config paths are disproportionate and impede safe review.
Persistence & Privilege
always:false (good). The skill suggests cron-scheduled execution (Daily 10:00) and autonomous invocation is allowed by default; combined with the ability to read local files and push to CRM, this increases operational impact if misconfigured. The skill does not request to modify other skills or system-wide configs.
What to consider before installing
Before installing, confirm these items: (1) The skill's SKILL.md expects a JINA_API_KEY — but the registry does not declare it; only provide the key if you trust the skill and understand where requests will be sent. (2) The skill will read USER.md and .secrets/env and scrape websites for emails/phone/WhatsApp; ensure you are comfortable with automated scraping and that it complies with privacy/local law. (3) The skill plans to write discovered leads into a CRM and 'Supermemory' but provides no endpoint or credentials — ask the author which CRM and what credentials will be required and where data will be stored/retained. (4) If you want to run scheduled jobs, verify your agent's scheduler behaviour and limit frequency/quotas to reduce accidental data exfiltration. (5) Prefer installing only after the skill metadata is corrected to declare required env vars/config paths and a clear description of CRM/third-party integrations; treat this skill as suspicious until those inconsistencies are resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ben3xnh3bme4xafbsmprzzd843ern
103downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@ipythoning
latest
Download

Lead Discovery — AI-Powered Prospecting

Automatically search, filter, and evaluate potential buyers based on your ICP profile.

Triggers

  • Cron scheduled execution (Daily 10:00)
  • Manual command from owner: "Search for leads in [market/industry]"

Search Strategy

Search Dimensions (rotate daily, pick 1-2)

  1. Target Market Procurement

    • "{{product}} buyers [target country] 2026"
    • "[target country] fleet expansion logistics company"
    • "[target country] construction equipment procurement"

  2. Trade Shows & Procurement Signals

    • "{{product}} buyers exhibition Africa Middle East 2026"
    • "transport logistics tender [region]"

  3. Company Research (read website)

    • After discovering a target company, read their website for detailed info

  4. Customs / Trade Data

    • "[target country] {{product}} import statistics"
    • "{{product}} import demand [region] 2026"

Search Execution

Jina Search (find potential buyers)

curl -s 'https://s.jina.ai/QUERY_URL_ENCODED' \
  -H 'Authorization: Bearer $JINA_API_KEY' \
  -H 'Accept: application/json'

Jina Reader (read company website)

curl -s 'https://r.jina.ai/https://target-company.com' \
  -H 'Authorization: Bearer $JINA_API_KEY' \
  -H 'Accept: application/json'

JINA_API_KEY in .secrets/env. Get one free at https://jina.ai/

3-Layer Enrichment Pipeline

Layer 1: Website Extraction

Read company website via Jina Reader → extract:

  • Company size, employee count
  • Product lines, services
  • Certifications (ISO, etc.)
  • Contact info (email, phone, WhatsApp)
  • Office/warehouse locations

Layer 2: Purchase Signal Search

Jina Search for:

  • "[company name] procurement tender"
  • "[company name] fleet expansion"
  • "[company name] import export"

Layer 3: Information Integration

  • Combine all findings into enrichment profile
  • Calculate ICP score based on USER.md criteria
  • Store research notes in Supermemory with tag "customer_research"

Evaluation Flow

For each discovered prospect:

  1. Extract: company name, country, industry, size, contact info (email/WhatsApp/phone)
  2. Read company website via Jina Reader for deep understanding
  3. Score per USER.md ICP criteria (1-10)
  4. ICP >= 5: Write to CRM (source=web_discovery, status=new)
  5. ICP >= 7: Also mark as hot_lead, create research note
  6. Email found: Mark next_action=email_outreach
  7. WhatsApp found: Mark next_action=whatsapp_outreach

Output Format (report to owner)

Today discovered X potential leads:

1. [Company] - [Country] - ICP [X]/10
   Industry: [industry] | Size: [size]
   Source: [search query]
   Contact: [email/website/whatsapp]
   Recommendation: [Send cold email / WhatsApp contact / More research / Enter nurture pool]

Added to CRM: X | Pending email outreach: X | Pending WhatsApp: X

Search Frequency & Quota

  • Max 20 searches per day (API quota management)
  • Weekly coverage: Africa 2 days, Middle East 2 days, SEA 1 day, LatAm 1 day, Other 1 day
  • Duplicate companies auto-skipped (check CRM first)

Search Templates by Market

Africa (Mon/Tue)

  • "{{product}} importers Nigeria Lagos"
  • "logistics company Tanzania fleet"
  • "construction company Kenya equipment procurement"

Middle East (Wed/Thu)

  • "{{product}} dealers Saudi Arabia"
  • "logistics fleet UAE Dubai"
  • "construction equipment Oman transport"

Southeast Asia (Fri)

  • "{{product}} importers Philippines Manila"
  • "logistics company Vietnam fleet"
  • "construction Indonesia heavy vehicles"

Latin America (Sat)

  • "{{product}} importers Brazil"
  • "logistics company Chile fleet"
  • "mining transport vehicles Peru"

Comments

Loading comments...