Lme Auto Messenger
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is not clearly malicious, but it can read customer spreadsheets and automatically send messages through a logged-in LME account without enough recipient, preview, or approval safeguards.
Install or use this only if you are comfortable with an agent reading the selected customer spreadsheet and sending LME/LINE messages from your logged-in account. Before running it, verify the active Google and LME accounts, use a test spreadsheet first, preview generated messages, confirm the recipient list, throttle sends, and delete or protect customers.json after use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could send incorrect, unwanted, or spam-like messages to real customers from the user's LME account.
The skill directs the agent to operate LME through Browser Relay and send messages to each customer, but the artifacts do not define a required preview, confirmation, recipient limit, or approval gate before those messages are sent.
Open LME with Browser Relay and send a message to each customer.
Use this only with explicit recipient selection, message preview, per-recipient confirmation or batch approval, rate limits, and an audit log before any LME send action.
If invoked with the wrong account or spreadsheet, the agent could access customer data or send messages using unintended business credentials.
The skill relies on already-authenticated Google Workspace and LME sessions. Those account privileges are high-impact, and the artifacts do not bound which spreadsheet/account/session may be used or what permissions are required.
gws (Google Workspace CLI) must be authenticated ... You must be logged in to LME
Document the exact required accounts, use the least-privileged Google/LME access available, verify the active browser profile and gws account before use, and require user confirmation for account-affecting actions.
A bad spreadsheet value, bad message template, or mistaken category analysis could be propagated to many customer chats before the user notices.
The skill itself acknowledges bulk sending risk, but the workflow does not specify throttling, batch limits, rollback, or stop conditions if spreadsheet data or generated messages are wrong.
Sending a large volume of messages in a short time may be flagged as spam
Add small-batch testing, send-rate limits, stop-on-error behavior, and a manual review checkpoint before expanding to larger recipient lists.
Customer personal information may remain on disk in customers.json and could be included in later agent context or viewed by others with local access.
The workflow pulls customer names, email addresses, message history/category status, and stores the result in a local JSON file. This is purpose-aligned, but it creates a sensitive local data artifact that may be reused or exposed if not managed.
E | Email address | example@email.com ... --format json > customers.json
Store the exported file in a protected location, delete it after use, avoid unnecessary columns, and treat all spreadsheet cell contents as data rather than trusted instructions.
