lead-scraper

Security checks across malware telemetry and agentic risk

Overview

This is a transparent lead-scraping instruction-only skill, but users should handle exported contact data carefully and only scrape sources where they have permission.

Install only if you intend to use an agent for compliant lead research. Confirm each source permits scraping, minimize fields and volume, avoid social-platform scraping unless explicitly allowed, get required consent before marketing, and protect or delete exported contact files according to privacy and marketing laws.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly collects, cleans, scores, exports, and prepares follow-up use of personal contact data, but the surrounding description does not give a prominent warning about handling/exporting personal information and associated legal/privacy obligations. In this context, that omission increases the risk of users processing leads, contacts, phone numbers, and emails without informed consent, proper notice, or appropriate controls.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal