Plugin v0.7.1
ClawScan security
Aigroup Lead Discovery Openclaw Release · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 19, 2026, 4:42 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files and runtime bridges mostly match the stated purpose (lead discovery plus external data providers), but there are inconsistencies and data-access behaviors you should understand before installing.
- Guidance: This plugin implements lead-discovery skills and includes optional local bridge scripts that read your OpenClaw configuration (~/.openclaw/openclaw.json) and environment variables for MCP provider URLs and API keys, then make outbound requests to external data services (PrimeMatrix/Tianyancha, or the default endpoints shown). If you intend to use only the skill logic without the bridges, either (1) install but do not configure the MCP providers, so the bridges have no credentials to use, or (2) remove or disable the scripts under scripts/mcp_compat before installing. Before installing, check ~/.openclaw/openclaw.json for provider apiKey/baseUrl entries, consider pinning plugin trust (add the plugin to plugins.allow), and restrict network access for the OpenClaw agent if you want to limit outbound calls. If you do not trust the repository owner or the external data providers, do not install the plugin or run the bridge scripts. For higher assurance, ask the maintainer to confirm whether the Hub release actually omits the bridge helpers (the README claims it does) and request a manifest documenting which files are active in the published hub package.
Review Dimensions
- Purpose & Capability (note): The repo contains five lead-discovery skills and bridge helpers to external MCP data providers (PrimeMatrix, Tianyancha), which aligns with the stated purpose (company intelligence). However, SKILL.md/README say the Hub release "excludes optional local bridge helpers" while the bundle includes the mcp_compat bridge scripts, a minor inconsistency about what is shipped by default.
- Instruction Scope (note): SKILL.md gives normal install/verify instructions (openclaw plugins install, run preflight). It does not explicitly tell the agent to read arbitrary user files, but the included bridge scripts are written to read ~/.openclaw/openclaw.json and environment variables to locate API keys and base URLs, and they make outbound requests to third-party MCP endpoints when invoked. The instructions themselves are scoped, but the code can access local OpenClaw config and environment variables when used.
- Install Mechanism (ok): There is no separate install spec (instruction-only install via OpenClaw/HUB). No network-based downloader or installer is embedded. The bundle contains code files that are installed as part of the OpenClaw plugin; there is no opaque URL fetch in the repo itself.
- Credentials (concern): Registry metadata lists no required environment variables, but several included scripts read environment variables and ~/.openclaw/openclaw.json for provider configs and API keys (examples: PRIMEMATRIX_MCP_API_KEY, PRIMEMATRIX_BASE_URL, MCP_API_KEY, TIANYANCHA_MCP_URL, TIANYANCHA_AUTHORIZATION, TIANYANCHA_URL, CODEX_MCP_DEBUG_LOG). Those values may contain API keys for external services, and the bridge code uses them to call external MCP endpoints. The skill therefore reads credentials and config beyond the "none" declared in metadata; this is expected for MCP bridges but important to surface.
- Persistence & Privilege (ok): The skill is not always-included (always:false) and does not request special system-wide privileges in the manifest. Default autonomous invocation is allowed (platform default). The bundle writes logs to /tmp by default if debug logging is enabled, but no script automatically modifies other skills or global agent settings.
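A pre-install preflight that mechanizes the checks the Guidance and Credentials entries above call for: which apiKey/baseUrl-style entries ~/.openclaw/openclaw.json holds, which of the listed bridge environment variables are set, whether the unpacked bundle still carries scripts/mcp_compat, and whether the plugin is already in plugins.allow. This is an added example, not the scanner's output and not code from the plugin or from OpenClaw. It assumes only that openclaw.json is a JSON document; since the review names the file but not its schema, the walk is schema-agnostic and keys off the key names the review mentions (apiKey, baseUrl) plus common siblings (url, authorization, token). The plugins.allow layout, the plugin slug used in the usage call, and the embedded sample config are assumptions made for the example.

```python
"""Pre-install preflight for an OpenClaw plugin that ships MCP bridge scripts.
Added example (not scanner, plugin or OpenClaw code). Assumes openclaw.json is
JSON; the walk is schema-agnostic because the real layout is not known here."""
import json
import os
from pathlib import Path

# Environment variables the review says the bridge scripts read.
BRIDGE_ENV_VARS = [
    "PRIMEMATRIX_MCP_API_KEY", "PRIMEMATRIX_BASE_URL", "MCP_API_KEY",
    "TIANYANCHA_MCP_URL", "TIANYANCHA_AUTHORIZATION", "TIANYANCHA_URL",
    "CODEX_MCP_DEBUG_LOG",
]
# URLs and the debug-log path are not secrets: show them in full so the reader
# sees where keys would be sent and where logs would land.
NON_SECRET_ENV = {"PRIMEMATRIX_BASE_URL", "TIANYANCHA_MCP_URL",
                  "TIANYANCHA_URL", "CODEX_MCP_DEBUG_LOG"}
SECRET_KEYS = {"apikey", "authorization", "token", "secret"}
ENDPOINT_KEYS = {"baseurl", "url"}


def redact(value):
    """Show only a 4-character prefix of a secret; mask short ones entirely."""
    s = str(value)
    return "*" * len(s) if len(s) <= 8 else s[:4] + "..."


def find_provider_settings(node, path=""):
    """Walk parsed JSON and return (dotted_path, kind, shown_value) for every
    secret-looking or endpoint-looking string, however deeply it is nested."""
    found = []
    if isinstance(node, dict):
        for key, val in node.items():
            here = f"{path}.{key}" if path else key
            lk = key.lower()
            if lk in SECRET_KEYS and isinstance(val, str):
                found.append((here, "secret", redact(val)))
            elif lk in ENDPOINT_KEYS and isinstance(val, str):
                found.append((here, "endpoint", val))
            else:
                found.extend(find_provider_settings(val, here))
    elif isinstance(node, list):
        for i, val in enumerate(node):
            found.extend(find_provider_settings(val, f"{path}[{i}]"))
    return found


def check_env(environ):
    """Return {name: shown_value} for the bridge env vars that are set."""
    return {n: (environ[n] if n in NON_SECRET_ENV else redact(environ[n]))
            for n in BRIDGE_ENV_VARS if n in environ}


def is_allowlisted(cfg, plugin_name):
    """Assumed layout: cfg["plugins"]["allow"] is a list of plugin names."""
    allow = cfg.get("plugins", {}).get("allow", [])
    return isinstance(allow, list) and plugin_name in allow


def list_bridge_scripts(bundle_dir):
    """Files under scripts/mcp_compat in an unpacked bundle (path per review)."""
    root = Path(bundle_dir)
    d = root / "scripts" / "mcp_compat"
    if not d.is_dir():
        return []
    return sorted(str(p.relative_to(root)) for p in d.rglob("*") if p.is_file())


def preflight(config_text, environ, bundle_dir, plugin_name):
    """Run every check and return a dict the caller (or a test) can inspect."""
    cfg = json.loads(config_text)
    return {
        "config_entries": find_provider_settings(cfg),
        "env_set": check_env(environ),
        "bridge_scripts": list_bridge_scripts(bundle_dir),
        "allowlisted": is_allowlisted(cfg, plugin_name),
    }


# Constructed sample, not a real OpenClaw config: the key names apiKey/baseUrl
# and plugins.allow come from the review; the nesting is invented.
SAMPLE_CONFIG = json.dumps({
    "plugins": {"allow": ["some-trusted-plugin"]},
    "mcp": {"providers": {
        "primematrix": {"baseUrl": "https://example.invalid/mcp",
                        "apiKey": "pm-1234567890abcdef"},
        "tianyancha": {"url": "https://example.invalid/tyc",
                       "authorization": "Bearer abcdefghijkl"},
    }},
})

if __name__ == "__main__":
    cfg_file = Path.home() / ".openclaw" / "openclaw.json"
    text = cfg_file.read_text() if cfg_file.is_file() else SAMPLE_CONFIG
    # Plugin slug below is assumed from the page title, not taken from the hub.
    rep = preflight(text, os.environ, ".", "aigroup-lead-discovery-openclaw")
    for here, kind, shown in rep["config_entries"]:
        print(f"config  {kind:8} {here} = {shown}")
    for name, shown in rep["env_set"].items():
        print(f"env     set      {name} = {shown}")
    for f in rep["bridge_scripts"]:
        print(f"bundle  script   {f}")
    print("allowlisted:", rep["allowlisted"])
    if rep["bridge_scripts"] and (rep["config_entries"] or rep["env_set"]):
        print("-> bridges present and credentialed: leave providers unconfigured "
              "or drop scripts/mcp_compat before installing")
```

Run it from the directory where the bundle is unpacked, before `openclaw plugins install`. A non-empty bridge-script list together with any secret entry or set env var is exactly the condition the guidance warns about: the bridges would have credentials and endpoints to use, so either leave the providers unconfigured or remove scripts/mcp_compat first. A `baseUrl`/`url` entry that points somewhere other than the provider you expect is worth a second look on its own, since that is where any key would be sent.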
