Skill v1.0.0
ClawScan security
Cold Outreach — Free Methodology · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 12:06 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is an instruction-only cold-email methodology that is internally consistent with what it says it will do, but it recommends installing third-party tools/extensions, using account credentials, and self-hosting automation, which carry privacy, terms-of-service, and operational risks the user should consider.
- Guidance: This skill is coherent for building and running cold-email campaigns using free-tier tools, but before you proceed consider:
  1) Legal and compliance: cold email is regulated (CAN-SPAM, GDPR, regional laws). Ensure you have a lawful basis to contact people and honor unsubscribe requests immediately.
  2) Platform Terms of Service: scraping/enrichment via extensions or pattern-based email discovery (LinkedIn extrapolation, extension-based reveals) can violate LinkedIn, Hunter/Apollo, or browser-extension TOS; check them.
  3) Credentials and secrets: the skill will require OAuth/App Passwords, IMAP/SMTP credentials, and access to third-party accounts; never paste those secrets into chat. Use dedicated sending accounts, enable 2FA, and prefer OAuth flows where possible.
  4) Browser extensions and privacy: installing the Apollo/Hunter extensions grants them access to the pages/profiles you visit; review their permissions and privacy policies.
  5) Self-hosting automation: the skill suggests running n8n via Docker and importing workflows; inspect any imported JSON before running it, secure the host, and avoid exposing credentials in plain text.
  6) Reputation risk: follow the warm-up protocol and suppression rules to avoid account blocks and deliverability harm.
  7) Claims and ethics: templates include name-drop and case claims; use only exactly-true claims (don't imply false mutual contacts).
  8) Paid add-on: the references/metadata link to a $19 pre-built workflow product; verify that the purchase contents are safe and review the workflow JSON before importing.
  If you want a safer test, run everything manually with a small batch, review every automation step, and confirm legal/TOS compliance before scaling.
Review Dimensions
- Purpose & Capability (ok): The name/description (cold outreach end-to-end, free tooling, n8n automation) matches the SKILL.md and reference files. The guidance, templates, and tooling recommendations (Apollo, Hunter, Gmail, Google Sheets, n8n) are coherent with the stated purpose.
- Instruction Scope (note): The instructions stay on-topic (ICP, sourcing, sequences, reply handling, automation). They do, however, instruct the user to: install Chrome extensions (Apollo/Hunter), create and warm up Gmail accounts, use OAuth/App Passwords, run n8n (Docker command shown), and import pre-built n8n workflow JSONs. Those runtime actions require granting permissions and entering credentials and may implicate privacy/TOS concerns; the instructions do not ask the agent to read unrelated local files or hidden endpoints.
- Install Mechanism (ok): This is instruction-only, with no install spec or code to be written by the skill itself. The references include a Docker run example for n8n and instructions to import JSON workflows; these are user-facing setup steps rather than an installer bundled with the skill, reducing supply-chain risk. Still, the guidance tells users to run containers and install browser extensions, which have their own operational implications.
- Credentials (note): The registry metadata declares no required env vars or credentials, but the runtime instructions legitimately require third-party accounts and credentials (Apollo/Hunter accounts, Gmail/OAuth or SMTP/App Password, a Google account for Sheets, IMAP access for reply handling). Requesting those credentials is proportionate to sending emails and running automations, but users must supply them outside the skill; the skill does not itself declare or store any secrets.
- Persistence & Privilege (ok): always:false and no install-time persistence are appropriate. The skill does not request or modify other skills' configs or system-wide settings. Autonomous model invocation is allowed by default, but that is normal and not a special privilege here.
