Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pitch

v2.2.0

Pitch development and presentation coaching for founders and salespeople. Use when user mentions investor pitches, sales presentations, elevator pitches, pit...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description align with included Python scripts: building foundations, elevator pitches, objections, and follow-ups. The code operates on local JSON under a workspace directory and does not request external credentials or unrelated binaries.
Instruction Scope
SKILL.md references many modules and scripts (coach_delivery.py, save_meeting_notes.py, generate_deck_outline.py, analyze_pitch.py) and several reference docs (elevator-pitches.md, audiences.md, follow-up.md, delivery.md) that are absent from the file manifest. SKILL.md states 'memory/pitch/' as storage while all scripts write to ~/.openclaw/workspace/memory/pitch — a minor but meaningful mismatch in claimed vs. actual storage location. The instructions otherwise stick to local read/write of JSON and printing drafts; there are no network calls, but the missing files create ambiguity about promised features.
Install Mechanism
No install spec — instruction-only with included scripts. No downloads or archives. The scripts are plain Python and will run if Python is available; nothing is written from a remote URL. This is low-risk from an install mechanism perspective.
Credentials
No environment variables, no external credentials, and no access to system config paths are requested. The scripts write/read JSON files under the user's home (~/.openclaw/workspace/memory/pitch), which is reasonable for local storage but should be noted (SKILL.md's claimed path differs).
Persistence & Privilege
always:false and no code attempts to modify other skills or system-wide agent settings. The skill will create and persist its own data files in the user's home workspace but does not request elevated privileges.
What to consider before installing
This skill appears to implement a legitimate pitch-coaching tool and keeps data local, but there are inconsistencies that you should clear up before installing:
1) Several scripts and reference documents mentioned in SKILL.md are missing from the package — ask the publisher for the missing files or an explanation.
2) The SKILL.md claims data lives in memory/pitch/, but the scripts actually read/write ~/.openclaw/workspace/memory/pitch; confirm you’re OK with files being created under your home directory.
3) The package expects Python to be available (SKILL.md doesn't declare it); if your environment lacks Python, scripts may fail.
If you want to proceed, consider running the scripts in a sandbox or review the missing components with the author so you understand the full behavior. The inconsistencies look like sloppy packaging rather than malicious intent, but verify before giving it any broader access.


Tags: fundraising, investors, latest, pitch, sales, startup
