Ironclaw Outreach Sequencer

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its outreach-automation purpose, but it asks an agent to send bulk LinkedIn and Gmail messages on a recurring schedule using account/session access without clear approval and scoping controls.

Only install or enable this if you intentionally want OpenClaw to manage outbound outreach from your accounts. Start in draft/review mode, verify the sender account and recipient list, enforce opt-out/compliance rules, and do not enable the cron schedule until you have clear send limits, approvals, and an easy stop mechanism.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could send incorrect, unwanted, or non-compliant outreach from the user’s accounts, creating reputational, legal, or spam-related consequences.

Why it was flagged

The skill directs the agent to use browser automation and a Gmail CLI to send messages to leads, including bulk processing of all due leads. This is purpose-aligned but high-impact and lacks clear approval gates.

Skill content

browser → type personalized message; browser → send; gog gmail send ...; For each due lead: ... Send via appropriate channel

Recommendation

Use a draft-only mode by default, require review of the recipient list and message content before sending, and enforce explicit per-run send limits and confirmations.

What this means

Messages may be sent from the wrong account or from a business identity without the user clearly understanding which account/session is being used.

Why it was flagged

Sending through Gmail requires delegated account authority, and the skill shows a specific hardcoded sender account rather than a clearly scoped, user-configured credential contract.

Skill content

gog gmail send ... --account patrick@candlefish.ai

Recommendation

Require the user to choose and confirm the sender account, declare required credentials in metadata, and document exactly which LinkedIn/Gmail sessions or accounts may be used.

Concern (High Confidence)
ASI10: Rogue Agents

What this means

Outreach could continue running after the initial setup, repeatedly sending follow-ups unless the user remembers to disable or modify the cron job.

Why it was flagged

The skill provides a persistent scheduled agent task that continues checking leads and sending messages during business hours.

Skill content

"schedule": { "kind": "cron", "expr": "0 9,11,13,15 * * 1-5" } ... "Run outreach sequence check... Send personalized messages... Update statuses."

Recommendation

Make cron setup explicitly opt-in, include an expiration date or maximum campaign count, provide a simple pause/stop process, and report pending sends before execution.

What this means

Lead profiles and outreach history may contain sensitive personal or business information that should not be overexposed or reused unexpectedly.

Why it was flagged

The skill uses and persists lead profile data, generated messages, thread IDs, reply status, and outreach history. This is expected for sequencing but involves personal/business contact data.

Skill content

Each message is generated per-lead using their DuckDB profile data ... Store message + status in DuckDB

Recommendation

Confirm which DuckDB database and tables are used, limit access to the intended lead set, and define retention, deletion, and opt-out handling for stored outreach data.