ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lead Discovery

v1.2.0

AI-driven lead discovery for B2B export. Searches web for potential buyers matching ICP, evaluates fit, and creates CRM records for follow-up.

0· 123·0 current·0 all-time
by@ipythoning

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ipythoning/sdr-lead-discovery.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Lead Discovery" (ipythoning/sdr-lead-discovery) from ClawHub.
Skill page: https://clawhub.ai/ipythoning/sdr-lead-discovery
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sdr-lead-discovery

ClawHub CLI

Package manager switcher

npx clawhub@latest install sdr-lead-discovery
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (web lead discovery) matches the instructions (search, read websites, score leads). However the runtime instructions require a JINA_API_KEY and CRM interaction (implicit), which are plausible needs but are not declared in the skill metadata; that mismatch is incoherent and unexplained.
!
Instruction Scope
SKILL.md explicitly instructs the agent to read company websites via Jina Reader and perform searches, but also references reading .secrets/env, USER.md, storing notes in 'Supermemory', checking/writing CRM records and scheduling cron jobs. USER.md, CRM endpoints/credentials, and the Supermemory config are not included or referenced in metadata — the instructions ask for access to files/configs that are not declared and could expose unrelated secrets or data.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so there is no installer risk (nothing is downloaded or written by an installer).
!
Credentials
The runtime examples require a JINA_API_KEY (used in curl Authorization header) and mention a .secrets/env file, yet requires.env is empty in the registry. The skill will also need CRM credentials to write leads but does not declare them. Requesting or reading undeclared secret locations is disproportionate and could lead to accidental exposure of unrelated credentials.
Persistence & Privilege
always:false (good) and autonomous invocation is allowed (default). The instructions describe cron-triggered runs and storing notes in 'Supermemory' — this implies ongoing writes to the agent's memory/CRM but the skill does not request elevated platform privileges. Still, persistent scheduled behavior and automatic writes amplify risk if credential/config details are wrong or broad.
What to consider before installing
Do not install or enable this skill until the author clarifies and fixes the metadata/instructions. Key questions to ask or steps to take: 1) Provide a complete list of required environment variables and config paths (e.g., JINA_API_KEY, CRM_API_KEY, path to Supermemory) in requires.env and required config paths. 2) Explain where USER.md and Supermemory live and provide their schemas; ensure the skill will not read arbitrary files like .secrets/env unless explicitly authorized. 3) Provide the exact CRM integration details (endpoint, auth method, scopes) and demonstrate least-privilege credentials. 4) Run the skill in a sandbox/staging agent with test credentials and monitor network calls and file reads before enabling on production data. 5) If you must proceed, restrict it to manual invocation until credentials and data-handling behaviour are audited, and rotate any test credentials used for verification afterwards.

Like a lobster shell, security has layers — review code before you run it.

latestvk9750rpy7smp9xa1fbam6zzmxh83jcst
123downloads
0stars
3versions
Updated 1mo ago
v1.2.0
MIT-0
@ipythoning
latest
Download

Lead Discovery — AI-Powered Prospecting

Automatically search, filter, and evaluate potential buyers based on your ICP profile.

Triggers

  • Cron scheduled execution (Daily 10:00)
  • Manual command from owner: "Search for leads in [market/industry]"

Search Strategy

Search Dimensions (rotate daily, pick 1-2)

  1. Target Market Procurement

    • "{{product}} buyers [target country] 2026"
    • "[target country] fleet expansion logistics company"
    • "[target country] construction equipment procurement"

  2. Trade Shows & Procurement Signals

    • "{{product}} buyers exhibition Africa Middle East 2026"
    • "transport logistics tender [region]"

  3. Company Research (read website)

    • After discovering a target company, read their website for detailed info

  4. Customs / Trade Data

    • "[target country] {{product}} import statistics"
    • "{{product}} import demand [region] 2026"

Search Execution

Jina Search (find potential buyers)

curl -s 'https://s.jina.ai/QUERY_URL_ENCODED' \
  -H 'Authorization: Bearer $JINA_API_KEY' \
  -H 'Accept: application/json'

Jina Reader (read company website)

curl -s 'https://r.jina.ai/https://target-company.com' \
  -H 'Authorization: Bearer $JINA_API_KEY' \
  -H 'Accept: application/json'

JINA_API_KEY in .secrets/env. Get one free at https://jina.ai/

3-Layer Enrichment Pipeline

Layer 1: Website Extraction

Read company website via Jina Reader → extract:

  • Company size, employee count
  • Product lines, services
  • Certifications (ISO, etc.)
  • Contact info (email, phone, WhatsApp)
  • Office/warehouse locations

Layer 2: Purchase Signal Search

Jina Search for:

  • "[company name] procurement tender"
  • "[company name] fleet expansion"
  • "[company name] import export"

Layer 3: Information Integration

  • Combine all findings into enrichment profile
  • Calculate ICP score based on USER.md criteria
  • Store research notes in Supermemory with tag "customer_research"

Evaluation Flow

For each discovered prospect:

  1. Extract: company name, country, industry, size, contact info (email/WhatsApp/phone)
  2. Read company website via Jina Reader for deep understanding
  3. Score per USER.md ICP criteria (1-10)
  4. ICP >= 5: Write to CRM (source=web_discovery, status=new)
  5. ICP >= 7: Also mark as hot_lead, create research note
  6. Email found: Mark next_action=email_outreach
  7. WhatsApp found: Mark next_action=whatsapp_outreach

Output Format (report to owner)

Today discovered X potential leads:

1. [Company] - [Country] - ICP [X]/10
   Industry: [industry] | Size: [size]
   Source: [search query]
   Contact: [email/website/whatsapp]
   Recommendation: [Send cold email / WhatsApp contact / More research / Enter nurture pool]

Added to CRM: X | Pending email outreach: X | Pending WhatsApp: X

Search Frequency & Quota

  • Max 20 searches per day (API quota management)
  • Weekly coverage: Africa 2 days, Middle East 2 days, SEA 1 day, LatAm 1 day, Other 1 day
  • Duplicate companies auto-skipped (check CRM first)

Search Templates by Market

Africa (Mon/Tue)

  • "{{product}} importers Nigeria Lagos"
  • "logistics company Tanzania fleet"
  • "construction company Kenya equipment procurement"

Middle East (Wed/Thu)

  • "{{product}} dealers Saudi Arabia"
  • "logistics fleet UAE Dubai"
  • "construction equipment Oman transport"

Southeast Asia (Fri)

  • "{{product}} importers Philippines Manila"
  • "logistics company Vietnam fleet"
  • "construction Indonesia heavy vehicles"

Latin America (Sat)

  • "{{product}} importers Brazil"
  • "logistics company Chile fleet"
  • "mining transport vehicles Peru"

Comments

Loading comments...