Low risk (risk score 15/100)
Last scanned: 20 hours ago
AI Lead Intelligence Generator
Generates actionable B2B sales intelligence for any company to support cold outreach, lead qualification, and personalized prospecting
A legitimate B2B sales lead intelligence skill that makes declared external API calls without suspicious behavior or hidden functionality.
Skill name: AI Lead Intelligence Generator
Analysis time: 37.5s
Engine: pi
OK to install
This skill is safe to use. The external API calls are declared in SKILL.md. Users should be aware that their company queries and optional API tokens are sent to a third-party Render.com service.

Security findings: 2

Severity | Finding | Location
Info
Third-party API dependency (Supply chain)
The skill depends on external Render.com hosted API (https://ai-lead-intelligence-acet.onrender.com) for lead intelligence. Service availability and data handling policies are governed by the external provider.
POST https://ai-lead-intelligence-acet.onrender.com/analyze-lead
→ Users should verify the external service's privacy policy and data handling practices before submitting sensitive company information.
SKILL.md:40
Info
Placeholder token is not hardcoded credential (Documentation deception)
The ACCESS_TOKEN in test_api.py is the literal placeholder string 'your-access-token-here', not an actual credential. This is a test template requiring user configuration.
ACCESS_TOKEN = "your-access-token-here"
→ No action needed - this is expected behavior for a template file.
test_api.py:5
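Resource type | Declared permission | Inferred permission | Status | Evidence
Network access | READ | READ | ✓ Consistent | test_api.py:11 - GET request; test_api.py:15-18 - POST request with json payload
Environment variables | NONE | NONE | | No environment variable access detected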
1 high · 4 findings
🔑 High | API key | Suspected hardcoded credential
ACCESS_TOKEN = "your-access-token-here"
test_api.py:5
🔗 Medium | External URL | External URL
https://ai-lead-intelligence-acet.onrender.com/analyze-lead
SKILL.md:41
🔗 Medium | External URL | External URL
https://your-lemonsqueezy-link.com
SKILL.md:94
🔗 Medium | External URL | External URL
https://ai-lead-intelligence-acet.onrender.com
test_api.py:4

Directory structure

2 files · 3.4 KB · 137 lines
Markdown 1f · 105L Python 1f · 32L
├─ 📝 SKILL.md Markdown 105L · 2.6 KB
└─ 🐍 test_api.py Python 32L · 775 B

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
requests | * | pip | | Standard HTTP library, not pinned

Security highlights

✓ Documentation accurately describes all external network behavior
✓ No credential harvesting from the system
✓ No obfuscation techniques (base64, eval, etc.)
✓ No shell execution or subprocess usage
✓ No sensitive file access (~/.ssh, ~/.aws, .env, etc.)
✓ No persistence mechanisms (cron, startup hooks)
✓ No suspicious data exfiltration beyond declared API calls
✓ User-provided tokens are handled correctly and not exfiltrated