Trade Hunter
PassAudited by ClawScan on May 10, 2026.
Overview
Trade Hunter is a coherent instruction-only B2B lead-discovery skill, but users should verify its data-source, privacy, and security claims before relying on the generated contact lists.
This skill appears safe to install as an instruction-only lead-generation helper, but treat its outputs as unverified public-business data. Confirm the legality of collecting and using contact emails in your target market, set clear source and result limits, and do not rely solely on the README’s privacy or VirusTotal claims.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may return company contact emails and lead lists; users are responsible for ensuring searches use lawful, public, and appropriate sources.
The skill directs the agent to gather broad external business and contact information. This is disclosed and purpose-aligned for lead generation, but users should notice the broad scope and lack of detailed source constraints.
- 全球B2B企业数据采集 ... - 获取客户联系信息 ... includeContact: true
Before use, specify permitted sources, regions, result limits, and whether personal emails should be excluded.
Users might over-trust the compliance or security posture of the generated lead data.
The README makes broad privacy, compliance, and security-assurance claims, but the supplied artifacts do not include a VirusTotal report or concrete PII-handling controls.
✅ **数据脱敏** - PII信息保护,合规安全 ... **安全认证**: VirusTotal Benign ✓
Independently verify the security claim and confirm that contact-data handling complies with the target market’s laws.
If installed through a package manager rather than as an instruction-only skill, dependency code could vary over time.
The package manifest declares an unpinned dependency. Registry data says this is an instruction-only skill with no install spec, so this is a supply-chain note rather than evidence of executed dependency code.
"dependencies": { "coze-api": ">=1.0.0" }Pin dependency versions or remove unused dependencies from the package manifest.