Low Risk — Risk Score 15/100
Last scan: 17 hr ago
AI Lead Intelligence Generator
Generates actionable B2B sales intelligence for any company to support cold outreach, lead qualification, and personalized prospecting
A legitimate B2B sales lead intelligence skill that makes declared external API calls without suspicious behavior or hidden functionality.
Skill Name: AI Lead Intelligence Generator
Duration: 37.5s
Engine: pi
Safe to install
This skill is safe to use. The external API calls are declared in SKILL.md. Users should be aware that their company queries and optional API tokens are sent to a third-party Render.com service.

Findings 2 items

Severity · Finding · Location

Info · Third-party API dependency (Supply Chain) · SKILL.md:40
The skill depends on an external Render.com-hosted API (https://ai-lead-intelligence-acet.onrender.com) for lead intelligence. Service availability and data handling policies are governed by the external provider.
POST https://ai-lead-intelligence-acet.onrender.com/analyze-lead
→ Users should verify the external service's privacy policy and data handling practices before submitting sensitive company information.

Info · Placeholder token is not a hardcoded credential (Doc Mismatch) · test_api.py:5
The ACCESS_TOKEN in test_api.py is the literal placeholder string 'your-access-token-here', not an actual credential. This is a test template requiring user configuration.
ACCESS_TOKEN = "your-access-token-here"
→ No action needed - this is expected behavior for a template file.

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | test_api.py:11 - GET request; test_api.py:15-18 - POST request with json payload |
| Environment | NONE | NONE | | No environment variable access detected |

1 High 4 findings
High · API Key: Suspected hardcoded credential
ACCESS_TOKEN = "your-access-token-here"
test_api.py:5
Medium · External URL: external URL
https://ai-lead-intelligence-acet.onrender.com/analyze-lead
SKILL.md:41
Medium · External URL: external URL
https://your-lemonsqueezy-link.com
SKILL.md:94
Medium · External URL: external URL
https://ai-lead-intelligence-acet.onrender.com
test_api.py:4

File Tree

2 files · 3.4 KB · 137 lines
Markdown 1f · 105L Python 1f · 32L
├─ 📝 SKILL.md Markdown 105L · 2.6 KB
└─ 🐍 test_api.py Python 32L · 775 B

Dependencies 1 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Standard HTTP library, not pinned |

Security Positives

✓ Documentation accurately describes all external network behavior
✓ No credential harvesting from the system
✓ No obfuscation techniques (base64, eval, etc.)
✓ No shell execution or subprocess usage
✓ No sensitive file access (~/.ssh, ~/.aws, .env, etc.)
✓ No persistence mechanisms (cron, startup hooks)
✓ No suspicious data exfiltration beyond declared API calls
✓ User-provided tokens are handled correctly and not exfiltrated