ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lead Guardian

v1.0.0

AI-powered real estate lead response and qualification via SMS, email, or CRM to instantly engage, qualify, and route hot buyer and seller leads for agents.

0· 80·0 current·0 all-time
by@jonbarnato

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jonbarnato/lead-guardian.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Lead Guardian" (jonbarnato/lead-guardian) from ClawHub.
Skill page: https://clawhub.ai/jonbarnato/lead-guardian
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install lead-guardian

ClawHub CLI

Package manager switcher

npx clawhub@latest install lead-guardian
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, SKILL.md, and app.py align: the skill implements SMS lead handling, qualification, and routing using Twilio and OpenRouter (Claude model). The requested environment variables (Twilio credentials, OpenRouter API key, optional AGENT_PHONE) are appropriate for the described functionality.
!
Instruction Scope
SKILL.md and app.py indicate the app will create a local SQLite DB (leads.db) and expose HTTP endpoints (including an admin dashboard). The manifest does not include .env.example or leads.db (they are listed in SKILL.md but not provided), and the shipped app.py is truncated in the provided content (the /sms handler is cut off), so behavior of the remainder of the code (dashboard, auth, /api endpoints, any webhook verification) is unknown. Exposing an unauthenticated admin dashboard or API would be a significant privacy/security risk. Also the system prompt hardcodes an agent identity (Jon Barnato) which leaks/locks the assistant persona and may be undesired.
Install Mechanism
No install spec; this is instruction + Python app. No external downloads or installers are included, so installation risk is limited to installing common Python packages per SKILL.md. That said, the top-of-file comment suggests packages (openai) that are not used; minor inconsistency but not an install-time risk.
Credentials
Declared environment variables (TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, TWILIO_PHONE_NUMBER, OPENROUTER_API_KEY, optional AGENT_PHONE) are proportional to an SMS + AI lead responder. No unrelated credentials or surprising env access are requested.
Persistence & Privilege
The skill does not request always:true and does not declare unusual privileges. It creates a local leads.db file which persists lead data on disk; that's expected for the use case but you should verify file location and retention policy. Ensure the HTTP endpoints (dashboard, APIs) are protected before exposing to the internet.
What to consider before installing
This implementation looks like a straightforward Twilio + OpenRouter lead autoresponder, but exercise caution before using it in production or on real credentials. What to check before installing/running: - Code completeness and authenticity: the provided app.py is truncated in the artifact you gave me. Get the full source from a trusted author or repository and review it before running. - Endpoint authentication: confirm the admin dashboard and /api endpoints require authentication and that Twilio webhook requests are validated (Twilio request signature) to prevent spoofing. Do not expose the app to the public internet without HTTPS and auth. - Credentials: only provide Twilio and OpenRouter API keys if you trust the source. Rotate keys after testing. Use least-privilege Twilio credentials if possible. - Data persistence & privacy: the app writes leads.db in its directory. Verify data retention, backups, and who can access that file on the host. Consider running in an isolated container or VM. - Behavior testing: run locally with dummy credentials first; observe outbound requests (which should be only to Twilio and openrouter.ai). Confirm there are no unexpected external endpoints in the full source. - Hardcoded persona and defaults: the system prompt hardcodes an agent name and comments in the header reference "Jon's phone" — replace with neutral text and configuration variables if you deploy. If you want, I can: (1) attempt to reconstruct the truncated portion if you paste the rest of app.py, (2) list concrete tests to run in a sandbox, or (3) produce a hardened checklist (webhook validation, auth for dashboard, DB encryption) to make this safe to run.

Like a lobster shell, security has layers — review code before you run it.

latestvk978p3rqx9ncqgkwsm75ncnrx98464hs
80downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@jonbarnato
latest
Download

Lead Guardian — Real Estate Lead Response Skill

AI-powered lead response and qualification for real estate agents.

Description

Lead Guardian helps real estate agents respond to leads instantly, qualify them automatically, and route hot leads for immediate follow-up. Works via SMS, email, or CRM webhook integration.

Capabilities

  • Instant Response — Reply to new leads within 60 seconds
  • AI Qualification — Extract buying/selling intent, timeline, pre-approval status, price range
  • Hot Lead Detection — Identify ready-to-buy leads and alert agents immediately
  • Conversation Tracking — Full history of lead interactions
  • CRM Integration — Connect with Follow Up Boss, KW Command, and others

Use Cases

  1. After-Hours Coverage — Respond to leads when you're unavailable
  2. Lead Qualification — Filter tire-kickers from serious buyers
  3. Speed to Lead — Beat competitors with instant response
  4. Consistent Follow-Up — Never miss a lead

Requirements

  • Twilio account (for SMS)
  • OpenRouter API key (for AI)
  • Optional: CRM webhook URL

Quick Start

# Install dependencies
pip install flask twilio requests python-dotenv

# Configure
export TWILIO_ACCOUNT_SID="your_sid"
export TWILIO_AUTH_TOKEN="your_token"
export TWILIO_PHONE_NUMBER="+1xxxxxxxxxx"
export OPENROUTER_API_KEY="your_key"
export AGENT_PHONE="+1xxxxxxxxxx"

# Run
python app.py

Configuration

Environment Variables

VariableRequiredDescription
TWILIO_ACCOUNT_SIDYesTwilio account SID
TWILIO_AUTH_TOKENYesTwilio auth token
TWILIO_PHONE_NUMBERYesYour Twilio phone number
OPENROUTER_API_KEYYesFor AI responses
AGENT_PHONENoPhone to alert for hot leads

Hot Lead Criteria

A lead is flagged as "hot" when:

  • Timeline is "immediate" or "1-3 months"
  • Pre-approved for mortgage
  • Explicitly requests an agent

Qualification Questions

The AI naturally extracts:

  1. Direction — Buying, selling, or both
  2. Timeline — When they want to move
  3. Pre-approval — Mortgage status (if buying)
  4. Price Range — Budget (if buying)

API Endpoints

EndpointMethodDescription
/smsPOSTTwilio webhook for incoming SMS
/api/leadsGETList all leads
/api/leads/:id/messagesGETGet conversation history
/api/leads/:id/handoffPOSTMark lead as handed off
/GETAdmin dashboard

Cost

~$30/month for 500 leads

  • Twilio number: $1/month
  • SMS (1,000 messages): $10
  • Claude Haiku API: $15-20

Files

lead-guardian/
├── SKILL.md          # This file
├── app.py            # Main Flask application
├── leads.db          # SQLite database (created on run)
└── .env.example      # Environment template

Credits

Built by KW Sacramento Metro AI Team.

License

MIT

Comments

Loading comments...