Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Foxreach

v0.1.1

Manage FoxReach cold email outreach — leads, campaigns, sequences, templates, email accounts, inbox, and analytics. Use when the user asks to create leads, m...

0· 696·0 current·0 all-time
by Usama Navid (@concaption) · duplicate of @concaption/foxreach-io
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to operate via a local Python SDK and CLI located at integrations/sdk-python/ and integrations/cli/, but the skill bundle contains only SKILL.md, api-reference.md, and examples.md — no SDK or CLI code is included. That is inconsistent: either the SDK is expected to already exist on the host (not documented) or the skill omitted required code.
Instruction Scope
The SKILL.md stays focused on FoxReach API actions (leads, campaigns, inbox, analytics) and instructs the agent to run python one-liners and short scripts. However it also permits shell operations (cd, pip install -e ., and Bash with environment injection) and lists tools that can read files (Read, Grep, Glob). The instructions themselves do not explicitly ask for arbitrary system data, but the allowed operations give the agent broad ability to inspect local files if it chooses.
Install Mechanism
There is no install spec (instruction-only), which is lower-risk. But the doc tells the agent to run 'cd integrations/sdk-python && pip install -e .' and similar commands referencing local directories that are not present in the package. Running pip install -e . in an arbitrary directory or on an attacker-controlled path can be risky — the instructions should point to a verified upstream package or include the SDK.
Credentials
The skill expects an API key (FOXREACH_API_KEY starting with 'otr_') and shows examples of running Python with FOXREACH_API_KEY=... but the skill metadata declares no required environment variables or primary credential. This mismatch (using sensitive env vars but not declaring them) is an incoherence and reduces transparency about what secrets the skill needs.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It does not declare any system config paths or attempt to modify other skills. No elevated persistence flags are present.
What to consider before installing
This skill appears to be a FoxReach API helper, but it references a local SDK/CLI that is not included and expects you to provide an API key while not declaring that requirement. Before installing or running it: (1) ask the publisher where the integrations/sdk-python and integrations/cli code come from (a packaged SDK, PyPI name, or GitHub repo); do not run 'pip install -e .' or arbitrary shell commands in unknown directories without reviewing the code; (2) do not paste your production FOXREACH_API_KEY into the environment until you confirm the skill's source and inspect the SDK/CLI code; use a limited-scope or test API key first; (3) prefer a version that declares required env vars and provides a trusted install location (PyPI or GitHub releases) or includes the SDK code in the bundle; (4) if you proceed, review any local files the skill would read and avoid giving the agent carte blanche to search arbitrary system paths. These inconsistencies make the skill suspicious but not (clearly) malicious — request corrected packaging and clearer credential declaration from the author.

Like a lobster shell, security has layers — review code before you run it.

latest · vk9714vazetfk03b6vrxhrxhwds81ae63
