Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Foxreach Cold Outrach

v1.0.0

Manage FoxReach cold email outreach — leads, campaigns, sequences, templates, email accounts, inbox, and analytics. Use when the user asks to create leads, m...

0 · 629 · 0 current · 0 all-time
by Usama Navid (@concaption)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the instructions (managing FoxReach leads, campaigns, inbox, analytics). However the SKILL.md instructs use of a local Python SDK and CLI located at integrations/sdk-python/ and integrations/cli/ which are not present in the package; it also expects an API key (FOXREACH_API_KEY) but the skill metadata did not declare any required env or primary credential. These are likely packaging/metadata omissions but reduce coherence.
Instruction Scope
Runtime instructions tell the agent to run python -c commands, pip install -e . from integrations paths, and to inject FOXREACH_API_KEY into the environment for invocations. That scope is consistent with an API client skill, but the instructions reference local directories that aren't shipped (no integrations/ folder), which means following them could either fail or, if the author intended external downloads, lead to unexpected installs. The allowed-tools patterns explicitly permit env-var injection and arbitrary python execution (Bash(FOXREACH_API_KEY=* python *)), so if the missing files were later provided or fetched, the skill could execute arbitrary Python with an injected API key.
Install Mechanism
There is no formal install spec (instruction-only), which is low-risk in itself. But SKILL.md advises 'cd integrations/sdk-python && pip install -e .' which attempts an editable install from a local path. Since the referenced directories are not included, this is inconsistent. If an install path were present or fetched later, pip installing arbitrary/unreviewed code from a local or remote path is higher risk. The package should either include the SDK/CLI or provide an auditable external release URL (PyPI/GitHub) rather than relying on undocumented local installs.
Credentials
The skill's operations legitimately require a FoxReach API key (FOXREACH_API_KEY). The metadata, however, lists no required env vars or primary credential, so the true expectation is only visible in SKILL.md. There are no requests for unrelated credentials or broad environment paths. The omission of FOXREACH_API_KEY from the declared requirements is a metadata mismatch that should be corrected so users know what secret will be used.
Persistence & Privilege
The skill does not request 'always: true' and has no install spec that would persist beyond normal agent activity. It does instruct how to configure the CLI with a key, but that is standard for API clients and does not imply elevated system privilege.
What to consider before installing
This skill appears to be a FoxReach API client, but there are some red flags to check before installing or running it:

- Do not run the pip install or python commands until you verify what will be installed. SKILL.md instructs 'pip install -e .' from integrations/sdk-python/ and an integrations/cli/ config, but those folders are not included in the package — ask the author where the SDK/CLI come from.
- Ask the publisher to update metadata: FOXREACH_API_KEY should be declared as the primary credential so you know a key is required.
- If you must test it, use a limited-scope or throwaway API key and run in an isolated environment (container or VM) to limit blast radius.
- Prefer a skill that points to an auditable release (PyPI or GitHub release) rather than relying on local editable installs; if the SDK is external, request the exact URL and review its contents before pip installing.
- Inspect any integrations/ code before executing; the current package contains only docs (SKILL.md, examples.md, api-reference.md). If the SDK/CLI are later added or fetched automatically, re-evaluate before granting secrets.

If the author can provide the missing SDK/CLI files (or point to an official release) and update the manifest to declare FOXREACH_API_KEY, the incoherence would be resolved and the skill would be more straightforward to trust.


latest: vk97579cn6685t9zf1kaz8dcm7x81btz2
