Skill v1.0.6
ClawScan security
Lead Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign, Feb 23, 2026, 2:47 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's required inputs, instructions, and artifacts are coherent with its stated purpose of extracting structured real-estate leads from parsed messages and do not request extra credentials, installs, or side effects.
- Guidance: This skill appears to do only what it says: validate parsed WhatsApp messages, apply local rules, and return structured lead objects. Before installing, consider privacy and data governance: the skill will process PII (names, phone numbers, budgets), so ensure you only feed it data you are allowed to share and that your agent environment / logs won't leak outputs. The 'never' rules in SKILL.md are instructions; they are not an enforcement mechanism. Verify that other installed skills or the agent's runtime won't capture or forward extracted leads. If you need stronger guarantees (no network egress, no logging), run it in a constrained environment or audit the agent runtime policies. If the maintainer later adds code, external endpoints, or requests credentials, re-evaluate immediately.
Review Dimensions
- Purpose & Capability: ok. Name/description, schemas, and extraction rules all align: the skill only needs parsed message arrays and emits validated lead objects. There are no unexpected environment variables, binaries, or unrelated requirements.
- Instruction Scope: ok. SKILL.md explicitly restricts runtime actions to validating input, applying local extraction rules, building/validating lead objects, deduplicating, and returning results. It also states hard boundaries (no storage, no outbound actions). The instructions only reference included schema and rules files; no external endpoints or unrelated system paths are mentioned.
- Install Mechanism: ok. Instruction-only skill with no install spec and no code files to execute; nothing is written to disk or fetched during install. This is the lowest-risk install model and matches the skill's stated role.
- Credentials: ok. The skill requests no environment variables, credentials, or config paths. All required data comes from the parsed-message input; this is proportionate to the stated extraction task. Note: the skill will process personal data (names, phones), which is expected for this purpose.
- Persistence & Privilege: ok. always:false and default invocation settings are appropriate. The SKILL.md explicitly disallows writes or outbound communication. The skill does not request persistent presence or modify other skills' configs.
