Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pitch
v2.1.0Pitch development and presentation coaching for founders and salespeople. Use when user mentions investor pitches, sales presentations, elevator pitches, pit...
⭐ 0· 230·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (pitch coaching) matches the included scripts (foundation builder, elevator pitch generator, objection prep, follow-up drafts). No credentials or network access are requested. However the SKILL.md and Module Reference claim additional scripts and reference files (coach_delivery.py, save_meeting_notes.py, generate_deck_outline.py, analyze_pitch.py and multiple reference markdowns) that are not present in the bundle; this is an overclaiming/documentation mismatch.
Instruction Scope
Runtime instructions are explicit about using local scripts and keeping data local. The scripts only read/write JSON under a local path (~/.openclaw/workspace/memory/pitch) and print outputs; they do not call external services, send email, or access unrelated system data. The mismatch between the SKILL.md examples (which reference missing scripts) and available scripts could cause the agent to attempt to run commands that don't exist, producing errors or unexpected behavior.
Install Mechanism
There is no install spec (instruction-only with included scripts). Nothing is downloaded or written beyond the scripts bundled in the skill, which lowers installation risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths outside a single local workspace directory. All data reads/writes are to a local directory under the user's home; these permissions are proportionate to the stated purpose.
Persistence & Privilege
The skill does persist state (writes JSON files) under ~/.openclaw/workspace/memory/pitch, which is reasonable for a coaching tool. always:false (normal). It does not request system-wide privileges or modify other skills' configs.
What to consider before installing
This skill appears to do what it says (local pitch coaching) and does not ask for credentials or network access, but the documentation claims several scripts and reference files that are not actually included. Before installing or using it: 1) Review the bundled scripts to confirm they meet your needs and that you are comfortable with files being written to ~/.openclaw/workspace/memory/pitch; 2) Expect some SKILL.md features (coach_delivery, deck generation, analysis, extra reference docs) to be missing — the agent may error if instructed to call them; 3) If you need the missing capabilities, request an updated package from the publisher or inspect/implement those scripts yourself; 4) Treat the stored JSON files as potentially sensitive (they contain pitch content) and keep backups or remove them if you no longer want that data saved. Overall coherence is fine but the documentation mismatch is a red flag for sloppy packaging — exercise caution and validate in a safe environment.Like a lobster shell, security has layers — review code before you run it.
latestvk971ph461hxw1afgd10a1ezcsx82ks7s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.