ClawHub
Code Pluginsource linked

Leadclawv0.3.0

OpenClaw plugin for Leadbay — AI lead discovery, qualification, and enrichment

@leadbay/leadclaw·runtime leadclaw·by @leadbay
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:@leadbay/leadclaw
Latest release: v0.3.0Download zip

Capabilities

Tags
executes-codeartifact:legacy-zip
configSchema
Yes
Executes code
Yes
HTTP routes
0
Runtime ID
leadclaw

Compatibility

Built With Open Claw Version
2026.3.24-beta.2
Min Gateway Version
2026.3.24-beta.2
Plugin Api Range
>=2026.3.24-beta.2
Plugin Sdk Version
2026.3.24-beta.2
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Lead discovery, qualification, enrichment, billing-link generation, and optional Leadbay state mutations fit the stated purpose, but the bundled leadbay_report_friction tool captures verbatim user friction text for analytics-like reporting outside the core lead workflow.
!
Instruction Scope
The friction-reporting tool instructs the agent to call it silently, autonomously, and never tell the user; that is materially under-disclosed compared with the public README.
Install Mechanism
The package uses a normal OpenClaw/npm plugin entrypoint with no postinstall or setup hook found; the artifact also contains an older .tgz file, but it is not referenced by the install metadata.
!
Credentials
Network access to Leadbay APIs and use of a bearer token are expected, and write tools are gated by exposeWrite, but silent user-friction reporting and automatic local Leadbay memory reads are not clearly surfaced in configuration or README guidance.
Persistence & Privilege
No background worker or durable bulk store is used by the OpenClaw adapter, and write tools require opt-in; the bundled core can read local ~/.leadbay memory summaries by default if present.
Scan Findings in Context
[SkillSpector:clean] expected: SkillSpector reported no issues; artifact review still found under-disclosed silent friction reporting.
[staticScan:clean] expected: Static scan reported no suspicious patterns, which aligns with the absence of postinstall scripts or direct malicious primitives.
[VirusTotal:clean] expected: VirusTotal showed 0 malicious and 0 suspicious detections, but clean telemetry is not enough to dismiss the disclosure concern.
What to consider before installing
Install only if you are comfortable giving this plugin Leadbay account access and exposing lead/contact data to Leadbay APIs. Keep exposeWrite disabled unless you explicitly want the agent to modify Leadbay state. Review the silent friction-reporting behavior with the publisher before installing in a sensitive workspace.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/leadbay/leadclaw
Commit
040415db1a4d
Tag
leadclaw-v0.3.0
Provenance
No
Scan status
suspicious

Tags

latest
0.3.0

@leadbay/leadclaw — Leadbay OpenClaw plugin

An OpenClaw plugin that gives any OpenClaw-compatible agent a first-class, 50-tool surface for Leadbay B2B lead discovery, qualification, and enrichment — backed by the same composite-workflow API used by @leadbay/mcp.

Don't have a Leadbay account? Register here.

1. Install

Via ClawHub (recommended)

clawhub package install @leadbay/leadclaw

Via OpenClaw CLI (alternative)

openclaw plugins install @leadbay/leadclaw

Via npm (for custom wiring)

npm install @leadbay/leadclaw

The npm tarball contains the bundled dist/index.js, the openclaw.plugin.json manifest, this README, the license, and the plugin logo. @leadbay/core is bundled in — no runtime deps besides Node ≥22.

2. Configuration

Set these in your OpenClaw plugin config block (names match the uiHints and configSchema in openclaw.plugin.json):

FieldRequiredDefaultPurpose
regionyes (recommended)(auto)"us" or "fr" — pins which Leadbay backend receives your token. Strongly recommended to set explicitly; otherwise login auto-probes both regions.
tokenoptionalPre-minted bearer token. If unset, the agent can call leadbay_login to mint one interactively.
baseUrloptionalderived from regionOverride API base (staging/dev).
exposeGranularoptionalfalseSet true to also expose the ~30 low-level 1:1-with-API tools alongside the composite workflow tools. More surface area, more chance the agent picks the wrong one.
exposeWriteoptionalfalseSet true to expose write/mutation tools (create lenses, enrich contacts, adjust audience, report outreach, etc.). Hidden by default so an LLM cannot mutate state without explicit opt-in.

Example OpenClaw config fragment:

{
  "plugins": {
    "@leadbay/leadclaw": {
      "region": "us",
      "token": "lb_...",
      "exposeWrite": false,
      "exposeGranular": false
    }
  }
}

3. Tool surface

The plugin ships 50 tools. Exposure is gated by the two flags above:

  • Default (composite workflow tools) — the agent-facing surface. Read-only end-to-end: leadbay_pull_leads, leadbay_research_lead_by_id, leadbay_research_lead_by_name_fuzzy, leadbay_prepare_outreach, leadbay_account_status, leadbay_recall_ordered_titles, leadbay_bulk_qualify_leads, leadbay_enrich_titles, plus the login tool.
  • exposeGranular: true — adds the granular API tools: lens read/filter/scoring, sector taxonomy, selection ids, enrichment job titles, contacts, quota, taste profile, user_prompt, clarifications, epilogue responses, prospecting actions, lead notes, web_fetch, etc. (23 tools.)
  • exposeWrite: true — adds the write tools: leadbay_create_lens, leadbay_update_lens, leadbay_set_active_lens, leadbay_set_user_prompt, leadbay_qualify_lead, leadbay_enrich_contacts, leadbay_add_note, leadbay_select_leads / leadbay_deselect_leads / leadbay_clear_selection, leadbay_refine_prompt, leadbay_report_outreach, leadbay_adjust_audience, leadbay_launch_bulk_enrichment, etc. (17 tools.)

Write tools follow a verification-first contract where relevant — leadbay_report_outreach, for example, requires gmail_message_id | calendar_event_id | user_confirmed on every call so an agent cannot silently poison your pipeline with hallucinated outreach.

The canonical tool list + schemas live in openclaw.plugin.json.

4. Example agent prompts

Find 20 SaaS companies in Berlin matching my Ideal Buyer Profile, research the top 3, and prepare an outreach package for the best-fit contact.

Qualify the leads I selected last session, then recall the titles we've ordered so I can plan enrichment.

Adjust my audience to include VP of Finance at Series B startups and refine the prompt if any clarifications come up. (requires exposeWrite: true)

5. Troubleshooting

ProblemCauseFix
Plugin loads but agent sees no Leadbay toolstoken missing and no login step takenHave the agent call leadbay_login, or pre-set token in the plugin config
Authentication token expired or invalidToken revoked or wrong regionHave the agent call leadbay_login to mint a fresh token; verify region matches your account
No enrichment credits remainingOut of quotaContact Leadbay support to extend quota
Agent keeps picking granular tools over compositesexposeGranular: true setFlip to false; the composites are usually what you want
Write tool "not found"exposeWrite: false (default)Set exposeWrite: true after explicitly opting in

6. Security & privacy

  • Tokens live only in your OpenClaw plugin config; they traverse the network only to api-{region}.leadbay.app.
  • Write tools (exposeWrite) and granular tools (exposeGranular) are hidden by default — opt-in per session.
  • leadbay_report_outreach requires verification metadata (Gmail/Calendar id or explicit user_confirmed text) to prevent pipeline poisoning.
  • No telemetry is sent by this plugin. API requests are subject to the Leadbay privacy policy.

7. License

MIT. See LICENSE.