Foxreach Cold Outreach

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly purpose-aligned, but it can change FoxReach account data and start live cold-email campaigns with under-scoped safeguards.

Review before installing. Use only in a trusted project, inspect the referenced SDK/CLI before giving it an API key, prefer a least-privileged FoxReach key, and require explicit confirmation plus a dry-run summary before deleting data, adding recipients or senders, or starting campaigns.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The example performs a destructive delete operation on a lead with no surrounding warning, confirmation guidance, or indication that the action is irreversible. In an agent skill context, examples often shape model behavior, so this can normalize unsafe execution of real data-deletion actions against production FoxReach accounts.

Missing User Warnings

Medium
Confidence: 95%
Finding
The full campaign setup example culminates in starting a campaign, which triggers live outreach activity, but it provides no warning that real emails may be sent to actual leads. In this skill's cold-email automation context, that omission is especially risky because an agent or user may treat the example as safe boilerplate and unintentionally launch outbound messaging at scale.

Ssd 3

Medium
Confidence: 98%
Finding
The skill repeatedly shows patterns like embedding `otr_...` API keys directly in Python code, shell commands, and CLI arguments. This is dangerous because secrets can be exposed in shell history, process listings, logs, transcripts, crash reports, or model outputs, especially in an agent environment that may echo commands or retain execution context.

VirusTotal

66/66 vendors flagged this skill as clean.
