← Back to Skills Marketplace
vishalgojha

Lead Storage

by Vishal · GitHub ↗ · v1.0.6
cross-platform ⚠ suspicious
690
Downloads
0
Stars
2
Active Installs
7
Versions
Install in OpenClaw
/install lead-storage
Description
Persist validated lead objects through write-only storage operations after Supervisor provides explicit confirmation. Use when users ask to save approved lea...
README (SKILL.md)

Lead Storage

Store validated leads with strict confirmation gating.

Quick Triggers

  • Save approved leads to Google Sheets.
  • Persist these normalized records after confirmation.
  • Commit validated leads with confirmation token.

Recommended Chain

... -> supervisor confirmation -> lead-storage

Execute Workflow

  1. Accept payload from Supervisor.
  2. Validate payload with references/storage-input.schema.json.
  3. Verify confirmation_token is present and non-empty.
  4. Write leads to storage through write-only interfaces.
  5. Preserve optional extraction/normalization/scoring metadata when present:
    • extraction: deal_type, asset_class, price_basis, area_sqft, area_basis
    • record typing: dataset_mode, record_type
    • location: city, city_canonical, locality_canonical, micro_market, location_hint
    • prioritization: urgency, priority_bucket
  6. Enforce idempotency by lead_id and avoid duplicate inserts for repeated broker forwards.
  7. Return result using references/storage-output.schema.json.
  8. On partial failures, return status: "failure" and a populated error_message.

Enforce Boundaries

  • Never parse raw messages.
  • Never extract new lead entities.
  • Never perform read queries for analytics or summaries.
  • Never generate suggested actions.
  • Never write anything when confirmation token is missing or invalid.
  • Never self-approve writes.

Reliability Rules

  1. Prefer idempotent writes keyed by lead_id.
  2. Log rejected writes with validation reason.
  3. Fail closed on any permission ambiguity.
Usage Guidance
Before installing or enabling this skill, get answers to these questions from the publisher or your integrator: - Exactly which storage backends does the skill write to (Google Sheets, which DB types and endpoints)? Provide concrete endpoint formats. - What credentials or config does it require (OAuth service account, GOOGLE_SHEETS_ID, DB_URL, DB_USER, DB_PASSWORD, etc.)? These should be declared explicitly so you can apply least privilege. - Where and how are credentials stored/used? Prefer short-lived tokens or scoped service accounts with write-only permissions. - How is the confirmation_token generated and validated? Confirm the skill cannot self-approve or accept spoofed tokens. - Ask for an implementation description or code sample showing the write path (which SDKs/APIs are used) and confirmation that no reads or analytics queries are executed. - Verify idempotency behavior (how duplicate lead_id is detected) and what logging/audit trails are produced for writes and rejections. If the publisher can provide explicit, matching metadata (required env vars and config paths) and an implementation that only uses documented, auditable write-only connectors, the incoherence is resolved and the risk decreases. If they cannot, treat the skill as suspicious because it claims to perform privileged network writes but exposes no clear authentication or destination mechanism. Also consider data governance: this skill will persist PII (names, phone numbers); ensure compliance with your policies and test in a non-production environment first.
Capability Analysis
Type: OpenClaw Skill Name: lead-storage Version: 1.0.6 The OpenClaw skill bundle 'lead-storage' is classified as benign. The `SKILL.md` provides clear, well-bounded instructions for the AI agent, explicitly stating negative constraints such as 'Never parse raw messages', 'Never perform read queries for analytics or summaries', and 'Never write anything when confirmation token is missing or invalid'. The input and output schemas (`references/storage-input.schema.json`, `references/storage-output.schema.json`) are strictly defined with `additionalProperties: false`, preventing unexpected data. There is no evidence of prompt injection, data exfiltration, malicious execution, persistence, or other harmful behaviors. The skill's design emphasizes controlled, confirmed, and write-only storage operations.
Capability Assessment
Purpose & Capability
The skill's stated purpose is to persist leads to external storage (Google Sheets or DB). However, the registry metadata declares no required environment variables, credentials, or config paths. A storage-writing capability normally requires at least one destination credential (API key, DB URL, OAuth token, service account, etc.). The absence of any declared secrets or target configuration is disproportionate to the claimed purpose and creates an incoherence: the skill says it will perform writes but provides no explicit mechanism for authenticating to any storage.
Instruction Scope
SKILL.md gives a narrowly-scoped workflow (validate payload against schema, verify confirmation_token, perform write-only idempotent writes, return a structured result) and explicitly forbids parsing, extraction, reads, or self-approval. That is reasonable and conservative. However, the instructions reference generic "write-only interfaces" without specifying which interfaces/endpoints, how to authenticate, or what to do if multiple storage backends are available. That vagueness grants implementers broad discretion and could hide how and where data is sent.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. Nothing is written to disk by the skill itself. From an installation perspective this is low risk and consistent with a simple orchestration skill.
Credentials
The skill requests no environment variables or primary credentials, yet its description explicitly mentions Google Sheets or databases. Persisting personally identifiable information (names, phone numbers) to external services typically requires credentials and least-privilege configuration. The lack of declared required env vars or config paths is a red flag — either the skill relies on implicit platform connectors (not documented) or its metadata is incomplete/incorrect. Both possibilities warrant caution.
Persistence & Privilege
The skill does not request always:true and defaults allow normal invocation controls. It does not request modification of other skills or system-wide settings. The listed reliability rules (fail-closed, idempotency, logging) are appropriate. No elevated persistence or system privileges are requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install lead-storage
  3. After installation, invoke the skill by name or use /lead-storage
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
Align broker-group contracts: dataset_mode, record_type, and expanded summary/prioritization schemas.
v1.0.5
Preserve richer extracted metadata fields in storage payload
v1.0.4
Preserve RE-India title and improve install-facing guidance
v1.0.3
Improve use-when clarity and chain guidance
v1.0.2
Rename display title with RE-India suffix
v1.0.1
Append RE-India suffix to display names
v1.0.0
Initial release of lead-storage skill. - Supports write-only storage of validated leads with explicit Supervisor confirmation. - Enforces strong boundaries: no parsing, extraction, analytics, or recommendations. - Rejects any write attempts lacking a valid confirmation token. - Handles partial failures with clear status and error messaging. - Implements reliability rules including idempotent writes and robust validation.
Metadata
Slug lead-storage
Version 1.0.6
License
All-time Installs 3
Active Installs 2
Total Versions 7
Frequently Asked Questions

What is Lead Storage?

Persist validated lead objects through write-only storage operations after Supervisor provides explicit confirmation. Use when users ask to save approved lea... It is an AI Agent Skill for Claude Code / OpenClaw, with 690 downloads so far.

How do I install Lead Storage?

Run "/install lead-storage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Lead Storage free?

Yes, Lead Storage is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Lead Storage support?

Lead Storage is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Lead Storage?

It is built and maintained by Vishal (@vishalgojha); the current version is v1.0.6.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments