Tmp Skill Review
Audited by ClawScan on May 10, 2026.
Overview
This is mostly a local sales-tracking skill, but one script can write outside its intended sales folder if given a crafted company name.
Use caution before installing. The skill does not show network exfiltration or credential use, but its lead script should be fixed to prevent path traversal. If you use it, avoid unusual company names containing slashes or '..', review where files are created, and remember that lead/contact data will persist locally.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental lead name containing path traversal characters could cause the agent to create or overwrite markdown files outside the sales leads folder.
The company-name argument is converted only by lowercasing and replacing spaces, but slashes and '..' are not rejected. That means a crafted company value can influence the write path and may escape the intended leads directory.
filename=$(echo "$2" | tr '[:upper:]' '[:lower:]' | tr ' ' '-') ... lead_file="$LEADS_DIR/$(unknown).md" ... cat > "$lead_file" << EOF
Sanitize company names to a safe filename character set, reject '/' and '..', verify the canonical output path remains inside the leads directory, and avoid overwriting existing files without confirmation.
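The fix this finding asks for, shown as an added example rather than the skill's own script: the company name is refused outright if it contains '/' or '..', reduced to a slug of [a-z0-9-], the leads directory is canonicalized, the final path is checked to stay under it, and an existing file is never overwritten. LEADS_DIR and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code. LEADS_DIR is assumed to be set by the caller.

# Turn a company name into a slug made only of [a-z0-9-].
# Returns 1 for names containing '/' or '..' and for names that sanitize to nothing.
slugify_company() {
  local name="$1" slug
  case "$name" in
    */*|*..*) return 1 ;;   # path separators and parent references are refused, not mapped
  esac
  slug=$(printf '%s' "$name" | LC_ALL=C tr '[:upper:]' '[:lower:]' \
         | LC_ALL=C tr -c 'a-z0-9' '-' | tr -s '-')
  slug=${slug#-}; slug=${slug%-}   # drop a single leading/trailing dash left by tr -s
  [ -n "$slug" ] || return 1
  printf '%s\n' "$slug"
}

# Resolve the output path and verify it stays inside the canonical leads directory.
# Prints the path; returns 1 if the slug is invalid or escapes, 2 if the file already exists.
lead_file_path() {
  local company="$1" slug base candidate
  slug=$(slugify_company "$company") || return 1
  mkdir -p "$LEADS_DIR"
  base=$(cd "$LEADS_DIR" && pwd -P)          # canonical directory, symlinks resolved
  candidate="$base/$slug.md"
  case "$candidate" in
    "$base"/*.md) ;;                         # still directly under the leads directory
    *) return 1 ;;
  esac
  [ ! -e "$candidate" ] || return 2          # never silently overwrite an existing lead
  printf '%s\n' "$candidate"
}

# Write the lead file only after every path check has passed; prints the path written.
write_lead() {
  local company="$1" target
  target=$(lead_file_path "$company") || return $?
  cat > "$target" <<EOF
# Lead: $company
EOF
  printf '%s\n' "$target"
}
```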
Lead names, emails, phone numbers, LinkedIn URLs, and sales notes may persist locally and be available to future agent sessions or backups.
The skill creates persistent local files intended to hold lead contact details and sales notes. This is purpose-aligned, but it means customer/lead data remains in the OpenClaw workspace.
SALES_DIR="${HOME}/.openclaw/workspace/sales" ... - **Email:** ... - **Phone:** ... - **LinkedIn:**
Only store lead data you are comfortable keeping in the local OpenClaw workspace, and periodically review or delete old sales files if they contain sensitive information.
The mismatch may make it harder to verify who published the skill or whether the package identity is consistent.
The embedded metadata uses a different owner/slug than the supplied registry metadata, which lists the skill as tmp-skill with a different owner ID. This is a packaging/provenance inconsistency, not proof of malicious behavior.
"ownerId": "kn7cpmgq5bpf1mp69bpd7n9as180nssd", "slug": "sales"
Verify the publisher/source before relying on the skill, especially if installing future versions or variants.
