scrape-leads
Audited by Socket on Mar 6, 2026
1 alert found:
Obfuscated File
The codebase is an automation pipeline for scraping, classifying, enriching, and persisting business leads. I found no explicit malicious code or obfuscation techniques in the provided specification. The primary risks are: credential exposure (multiple API keys and Google service account), privacy/compliance (bulk scraping and enrichment with no consent or suppression), and operational abuse (high-volume parallel scraping without rate-limiting). Practical mitigations: restrict service-account scopes, store secrets in a proper secret manager, implement secure deletion of .tmp artifacts, add rate-limiting/backoff and polite scraping practices, and add privacy/compliance controls (consent, data retention policy, geo-restrictions). Overall, treat this as a high-privilege, high-privacy-risk tool that is not demonstrably malicious but requires careful operational controls.