Pitch

Security checks across malware telemetry and agentic risk

Overview

This pitch-coaching skill appears purpose-aligned and local-only, with the main caution that it persists business pitch details in local OpenClaw memory and references some helper files that are not included.

This skill looks safe to use for local pitch coaching. Before installing, be aware that it stores business pitch data and meeting notes locally, so avoid entering highly confidential details unless you are comfortable managing those files. Review any follow-up drafts before sending them, and do not run missing or replacement scripts from outside the reviewed package.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Low
What this means

Business strategy, fundraising details, and meeting notes may remain on disk and be reused in later pitch workflows.

Why it was flagged

The skill is designed to persist pitch materials, audience profiles, objections, and meeting outcomes. These can contain confidential business information, though storage is disclosed as local-only and purpose-aligned.

Skill content
All pitch materials stored locally only: `memory/pitch/` ... `audiences.json` ... `objections.json` ... `meetings.json`
Recommendation

Use it only with information you are comfortable storing locally, and periodically review or delete the `memory/pitch/` files if they contain sensitive business data.

ASI05: Unexpected Code Execution
Low
What this means

Using the skill may run local helper scripts that create or update JSON files in the OpenClaw workspace.

Why it was flagged

The skill expects local Python scripts to be run for pitch data operations. The included scripts are simple local file operations and are aligned with the stated purpose, but this is still local code execution.

Skill content
Use provided scripts in `scripts/` for all data operations.
Recommendation

Run only the included scripts from this package and review script output before relying on generated pitch or follow-up content.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Some documented commands may fail or tempt a user or agent to look for missing helpers outside the reviewed package.

Why it was flagged

The SKILL.md documents several scripts and reference files that are not present in the supplied file manifest. This is a completeness/provenance gap rather than evidence of malicious behavior.

Skill content
`coach_delivery.py`, `save_meeting_notes.py`, `generate_deck_outline.py`, `analyze_pitch.py`; references such as `references/elevator-pitches.md`
Recommendation

Do not download or run replacement helper scripts from unverified sources; treat only the included files as reviewed.