Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lead Hunter

v1.0.1

Automated lead generation + enrichment for AI agents. Find prospects, enrich with emails/socials/company data, score & prioritize. Your agent builds pipeline while you sleep.

5· 3.5k·10 current·10 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
Name and description match the instructions (discover, enrich, score, export leads). However, the registry metadata lists no required credentials or env vars, while the SKILL.md repeatedly references API keys/tokens (X/Twitter API key, GitHub token, Moltbook key, Hunter.io/Clearbit/Crunchbase, etc.), proxies for LinkedIn, and premium provider integrations. That mismatch between the declared requirements and the described capabilities is inconsistent; the credentials should have been declared explicitly.
[!] Instruction Scope
The runtime instructions direct broad data collection (scraping public profiles, email discovery/verification, phone lookups, tech stack detection), use of proxies for LinkedIn, and auto-outreach/webhook integrations. Those actions are within the skill's sales/lead-gen purpose, but the instructions are operationally broad and vague about legal/ethical safeguards, data retention, and consent. 'Proxy' usage and scraping notes in particular suggest bypassing platform limits or protections, which is risky and not justified in the metadata.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. Nothing is written to disk by an installer. However, because the instructions direct network calls and external API usage, runtime risks depend on how the host agent executes those steps.
[!] Credentials
Functionally, the skill requires many external credentials (various APIs and enrichment providers), but the manifest declares no required env vars or primary credential. Requiring multiple third-party API keys would be proportionate to the task, but they must be declared and scoped; their absence in the metadata is an inconsistency and a transparency problem. Users should not hand over broad account credentials without clear justification and scoping.
Persistence & Privilege
The skill does not set always:true and there are no OS restrictions, but disableModelInvocation is not set (model invocation allowed). That means the agent could autonomously trigger discovery/enrichment/outreach actions if not otherwise constrained. Given the skill's ability to perform outreach/webhooks, you should consider limiting autonomous invocation or requiring explicit user approval before sending messages or exporting data.
What to consider before installing
This skill appears to do what it says, but there are important red flags and missing details. Before installing:
- Expect to provide many third-party API keys (Twitter/X, GitHub, Hunter.io/Clearbit, Crunchbase, Moltbook, CRM tokens). Only provide minimal-scoped tokens and avoid sharing full-account credentials.
- Ask the author to update the registry metadata to declare required env vars and exactly which tokens are needed.
- Review the enrichment and scraping docs for legal and privacy compliance (GDPR, platform Terms of Service). Avoid using proxies or scraping approaches that violate site terms.
- Disable autonomous model invocation (or require user confirmation) if you do not want the agent to send outreach messages or webhooks without intervention.
- Test on a small, low-risk dataset first and audit outputs (duplicates, accuracy) before letting it run at scale or charging customers.
If you need help assessing the specific provider integrations (Hunter/Clearbit/Crunchbase) or drafting a safer deployment configuration, get more detail from the skill author before proceeding.

Like a lobster shell, security has layers — review code before you run it.
