Skill v0.1.0

ClawScan security

Prospect Research Repo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 11:46 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (prospect/company research) matches its instructions, but the runtime guidance is vague and grants broad discretion to use third‑party enrichment tools (LinkedIn, Apollo, ZoomInfo, etc.) without declaring or justifying required credentials, which could lead to unintended use of available secrets or external services.
Guidance
This skill appears to do what it says, but it leaves the agent a lot of latitude to use external enrichment services. Before installing or enabling it, decide whether you want the agent to be allowed to use any LinkedIn/Apollo/ZoomInfo credentials that exist in your environment. If you do not, restrict the agent's access to those credentials or disable autonomous invocation for this skill. Ask the skill author (or your admin) to: 1) explicitly list which external services it will call, 2) declare any credentials it needs, and 3) add a line limiting searches to public sources if you want to avoid using paid/enriched data. Always verify key claims and check cited sources before acting on the brief; watch for privacy issues when researching named individuals.

Review Dimensions

Purpose & Capability
Status: ok
Name, description, and SKILL.md align: the skill is an instruction-only prospect research briefing tool that expects to use web search, website fetches, news, job boards, and enrichment services. There are no declared binaries, env vars, or unrelated capabilities requested.
Instruction Scope
Status: concern
The SKILL.md tells the agent to use 'web search', 'web fetch', and 'Any available enrichment tools (Apollo, ZoomInfo, LinkedIn, etc.)'. That gives the agent broad freedom to query external services and use any credentials the agent/platform has access to. The instructions do not limit what data can be read or transmitted, nor do they explicitly forbid use of private credentials or personal data; this open scope increases the risk of unintended data access or exfiltration.
Install Mechanism
Status: ok
Instruction-only skill with no install spec and no code files. This is low risk from an installation perspective because nothing is written to disk by the skill itself.
Credentials
Status: concern
The skill declares no required environment variables or credentials, but explicitly names paid/enriched sources that typically require API keys or logins. Because it tells the agent to use 'any available enrichment tools', the skill may cause the agent to use platform-stored credentials (if present). The absence of declared credentials or a clear justification for them is a mismatch between capability and environment needs.
Persistence & Privilege
Status: ok
The 'always' field is false and the skill does not request persistent or system-wide changes. Autonomous invocation is allowed (default) but that is normal; there is no evidence the skill modifies other skills or agent configuration.