Skill v1.0.5

ClawScan security

LeadContact · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 6:44 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to be a straightforward wrapper for the LeadContact API, but metadata inconsistencies about required credentials and the fact it makes external contact-enrichment queries mean you should verify the token requirement and vendor before installing.
Guidance
Before installing: (1) Confirm the skill really requires and will use a LEADCONTACT_API_TOKEN — the skill's internal files declare this but the top-level registry metadata you provided does not. That mismatch should be fixed by the publisher. (2) Verify the vendor (https://leadcontact.ai) and the recommended contact methods; prefer obtaining tokens through official vendor console or verified channels rather than messaging a phone/Telegram. (3) Consider privacy and legal issues: this skill queries personal contact info derived from LinkedIn profiles — ensure your use complies with LinkedIn's terms and local data protection laws. (4) Only provide an API token with least privilege, store it securely (not in client-side code), and monitor usage and billing. (5) If in doubt, run initial tests in a sandbox account and ask the publisher to publish repository/source or correct registry metadata before granting credentials.

Review Dimensions

Purpose & Capability
note: The skill's stated purpose (look up phones/emails from LinkedIn profile URLs) matches the API endpoints and examples in SKILL.md. However, the top-level registry summary you provided lists no required credentials, while the included _meta.json and SKILL.md declare a required LEADCONTACT_API_TOKEN — an incoherence between the registry metadata and the skill's own manifest.
Instruction Scope
ok: SKILL.md contains explicit instructions for calling leadcontact.ai endpoints with a bearer token and does not instruct the agent to read local files, config paths, or other system secrets. It does recommend using LinkedIn automation/CRM integrations (business/ethical implication), but functionally the runtime instructions stay within the claimed purpose (HTTP POST to an external API).
Install Mechanism
ok: This is an instruction-only skill with no install spec and no bundled code, so nothing is written to disk and there are no package downloads. That reduces installation risk.
Credentials
concern: The skill requires a single API credential (LEADCONTACT_API_TOKEN) according to _meta.json and SKILL.md, which is proportionate to the purpose. The concern is the mismatch between that requirement and the registry metadata you supplied (which lists no required env vars). Confirming which metadata is authoritative is important — you should not provide an API token unless you trust the vendor and the platform metadata is corrected. No other credentials are requested.
Persistence & Privilege
ok: always:false and no special system paths or modifications are requested. The skill can be invoked autonomously (platform default) but it does not request persistent or elevated agent privileges beyond normal invocation.