Foxreach
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: foxreach
Version: 0.1.1

The skill is classified as suspicious because of the broad permissions granted in `SKILL.md`, specifically `Bash(python *)`, `Read`, `Grep`, and `Glob`. These tools are plausibly needed for a complex SDK integration, but `Bash(python *)` permits arbitrary Python execution, so an agent compromised through prompt injection would have a direct remote code execution path. The skill's instructions and examples do not demonstrate or encourage malicious behavior; they promote secure practices such as obtaining API keys from the environment and confirming destructive operations with the user. The provided files show no evidence of intentional data exfiltration to unauthorized endpoints, persistence mechanisms, or obfuscation. The external endpoint `https://api.foxreach.io/api/v1` is consistent with the skill's stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent misinterprets a request, it could alter or delete FoxReach records or launch outreach to many recipients.
The skill lets the agent run Python SDK calls that can delete data, bulk modify campaigns, and start outreach, but the instructions do not require confirmation, limits, or a preview before these high-impact actions.
allowed-tools: Bash(python *), ...

| Action | SDK call | Note |
| --- | --- | --- |
| Delete | `client.leads.delete(lead_id)` | |
| Start | `client.campaigns.start(campaign_id)` | |
| Add Leads | `client.campaigns.add_leads(campaign_id, [lead_ids])` | Bulk add |
Require explicit user confirmation and a dry-run/preview for campaign start, delete, bulk add, email-account removal, and sequence/template mutations; show IDs, counts, affected accounts, and reversibility before executing.
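One way to put that preview-and-confirm gate in front of the three calls quoted in the evidence. This is an added example, not code from the foxreach skill or the FoxReach SDK: `FakeClient` is a constructed in-memory stand-in that only mimics the call shapes `leads.delete`, `campaigns.start` and `campaigns.add_leads`; the record fields (`sender_accounts`, `lead_ids`), the `MAX_BULK_LEADS` cap and the reversibility flags are assumptions about how such a wrapper would be configured.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

MAX_BULK_LEADS = 50  # assumed policy cap; larger batches are refused before any prompt


class BulkLimitExceeded(Exception):
    pass


@dataclass
class Preview:
    """What the user sees before anything executes: IDs, count, accounts, reversibility."""
    operation: str
    ids: List[str]
    count: int
    affected_accounts: List[str]
    reversible: bool
    executed: bool = False

    def describe(self) -> str:
        rev = "reversible" if self.reversible else "NOT reversible"
        return (f"{self.operation}: {self.count} record(s) {self.ids}, "
                f"sender accounts {self.affected_accounts}, {rev}")


class FakeClient:
    """Constructed stand-in mimicking the call shapes quoted on the page. Not the SDK."""

    def __init__(self) -> None:
        self.lead_store: Dict[str, dict] = {"lead_1": {}, "lead_2": {}}
        self.campaign_store: Dict[str, dict] = {
            "camp_1": {"status": "draft", "sender_accounts": ["sales@example.com"],
                       "lead_ids": ["lead_1"]},
        }
        self.leads = self._Leads(self)
        self.campaigns = self._Campaigns(self)

    class _Leads:
        def __init__(self, c): self.c = c
        def delete(self, lead_id): self.c.lead_store.pop(lead_id)

    class _Campaigns:
        def __init__(self, c): self.c = c
        def start(self, campaign_id): self.c.campaign_store[campaign_id]["status"] = "running"
        def add_leads(self, campaign_id, lead_ids):
            self.c.campaign_store[campaign_id]["lead_ids"].extend(lead_ids)


class ConfirmedClient:
    """Every high-impact call goes preview -> confirm -> execute; dry_run stops at preview."""

    def __init__(self, client, confirm: Callable[[Preview], bool],
                 campaign_info: Callable[[str], dict], dry_run: bool = False) -> None:
        self.client, self.confirm, self.campaign_info, self.dry_run = client, confirm, campaign_info, dry_run
        self.log: List[str] = []  # what was shown to the user, in order

    def _gate(self, preview: Preview, action: Callable[[], None]) -> Preview:
        self.log.append(preview.describe())
        if self.dry_run:
            return preview  # preview only; nothing runs
        if not self.confirm(preview):
            self.log.append(f"{preview.operation}: declined")
            return preview
        action()
        preview.executed = True
        return preview

    def delete_lead(self, lead_id: str) -> Preview:
        p = Preview("leads.delete", [lead_id], 1, [], reversible=False)
        return self._gate(p, lambda: self.client.leads.delete(lead_id))

    def start_campaign(self, campaign_id: str) -> Preview:
        camp = self.campaign_info(campaign_id)
        p = Preview("campaigns.start", [campaign_id], len(camp["lead_ids"]),
                    list(camp["sender_accounts"]), reversible=False)
        return self._gate(p, lambda: self.client.campaigns.start(campaign_id))

    def add_leads(self, campaign_id: str, lead_ids: List[str]) -> Preview:
        if len(lead_ids) > MAX_BULK_LEADS:  # hard cap, checked before the user is even asked
            raise BulkLimitExceeded(f"{len(lead_ids)} leads exceeds cap of {MAX_BULK_LEADS}")
        camp = self.campaign_info(campaign_id)
        p = Preview("campaigns.add_leads", list(lead_ids), len(lead_ids),
                    list(camp["sender_accounts"]), reversible=True)
        return self._gate(p, lambda: self.client.campaigns.add_leads(campaign_id, lead_ids))


def demo() -> dict:
    fake = FakeClient()
    answers = iter([True, False])  # constructed user replies: yes to the delete, no to the start
    guarded = ConfirmedClient(fake, confirm=lambda p: next(answers),
                              campaign_info=fake.campaign_store.__getitem__)
    deleted = guarded.delete_lead("lead_2")
    started = guarded.start_campaign("camp_1")
    dry = ConfirmedClient(fake, confirm=lambda p: True,
                          campaign_info=fake.campaign_store.__getitem__, dry_run=True)
    previewed = dry.add_leads("camp_1", ["lead_1"])
    try:
        guarded.add_leads("camp_1", [f"lead_{i}" for i in range(100)])
        bulk_refused = False
    except BulkLimitExceeded:
        bulk_refused = True
    return {"deleted": deleted.executed, "lead_2_present": "lead_2" in fake.lead_store,
            "started": started.executed, "status": fake.campaign_store["camp_1"]["status"],
            "dry_run_executed": previewed.executed,
            "camp_leads": fake.campaign_store["camp_1"]["lead_ids"],
            "bulk_refused": bulk_refused, "log": guarded.log}


if __name__ == "__main__":
    print(demo())
```

The agent only ever calls `ConfirmedClient`; the raw client is never handed to it, so a misread request can at worst produce a preview that the user declines.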
Anyone with the API key may be able to access or modify FoxReach leads, campaigns, inbox data, and sender accounts within that workspace.
A FoxReach API key is expected for the integration and can optionally be stored by the CLI config; this is purpose-aligned but sensitive, especially because registry metadata does not declare a primary credential.
Both use API key authentication with keys prefixed `otr_`... Always get the API key from the user or environment... config set-key --key otr_...
Use a least-privileged key if available, prefer secure environment or secret storage, avoid pasting keys into shared logs or chat history, and document where CLI config stores the key.
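The environment-sourced, never-logged handling recommended above, as an added example that is not code from the foxreach skill, the FoxReach SDK or its CLI. The `otr_` prefix comes from the page's evidence; the variable name `FOXREACH_API_KEY`, the assumed key body shape and the minimum length are assumptions.

```python
import logging
import re
from typing import List, Mapping

KEY_ENV = "FOXREACH_API_KEY"                    # assumed variable name
KEY_RE = re.compile(r"otr_[A-Za-z0-9_-]{8,}")   # prefix from the page; body shape assumed


def redact(text: str) -> str:
    """Replace every otr_ token with its first 8 characters plus '...'."""
    return KEY_RE.sub(lambda m: m.group(0)[:8] + "...", text)


class ApiKey:
    """Holds the secret but never shows it through repr/str, so accidental
    logging or f-string interpolation of the object leaks nothing."""
    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:  # the one deliberate way to get the raw key
        return self._value

    def __repr__(self) -> str:
        return f"ApiKey({redact(self._value)})"

    __str__ = __repr__


def load_api_key(env: Mapping[str, str]) -> ApiKey:
    """Read the key from the environment (never from the prompt) and validate its shape."""
    raw = env.get(KEY_ENV)
    if not raw:
        raise RuntimeError(f"{KEY_ENV} is not set; ask the user to export it rather than paste it into chat")
    raw = raw.strip()
    if not KEY_RE.fullmatch(raw):
        raise ValueError(f"{KEY_ENV} does not look like a FoxReach key (starts {raw[:4]!r})")
    return ApiKey(raw)


class RedactingFilter(logging.Filter):
    """Scrubs otr_ tokens from every record, even when a caller logs reveal() by mistake."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())  # format first, then scrub the rendered text
        record.args = ()
        return True


class ListHandler(logging.Handler):
    """Constructed capture handler so the demo can inspect what would have been written."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def demo() -> dict:
    env = {KEY_ENV: "otr_demo1234567890abcdef"}  # constructed key, not a real credential
    key = load_api_key(env)

    log = logging.getLogger("foxreach.demo")
    log.handlers.clear()
    log.propagate = False
    log.setLevel(logging.INFO)
    handler = ListHandler()
    handler.addFilter(RedactingFilter())
    log.addHandler(handler)
    log.info("configured client with key %s", key.reveal())  # a careless log line

    try:
        load_api_key({})
        missing_raises = False
    except RuntimeError:
        missing_raises = True
    try:
        load_api_key({KEY_ENV: "sk_live_not_a_foxreach_key"})
        bad_raises = False
    except ValueError:
        bad_raises = True
    return {"repr": repr(key), "logged": handler.lines[0],
            "missing_raises": missing_raises, "bad_raises": bad_raises}


if __name__ == "__main__":
    print(demo())
```

Where the CLI's `config set-key` stores the key on disk, document that path alongside the skill and keep it out of any directory the agent's `Read`/`Grep` tools are pointed at.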
The setup may fail, or the user may end up installing unreviewed local code before giving it a FoxReach API key.
The reviewed manifest contains only documentation files and no SDK/CLI code or install spec, so this setup depends on code outside the supplied artifacts.
The Python SDK is at `integrations/sdk-python/` and the CLI is at `integrations/cli/`... cd integrations/sdk-python && pip install -e .
Verify the SDK/CLI source before installing, pin or include the expected package, and add an install spec or provenance details for the referenced code.
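A way to pin the checked-out tree before running `pip install -e .`, added here as an example that is not code from the foxreach skill, ClawScan or FoxReach: a SHA-256 manifest of every file is recorded at review time and compared against the tree at install time, and any added, removed or modified file blocks the install. The demo tree under a temporary directory is constructed; real use would point `verify_tree` at `integrations/sdk-python`.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def build_manifest(root: Path) -> Dict[str, str]:
    """Map of relative POSIX path -> sha256 hex digest for every file under root (VCS metadata skipped)."""
    manifest: Dict[str, str] = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        if ".git" in rel.parts:
            continue
        manifest[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def write_manifest(manifest: Dict[str, str], out: Path) -> None:
    """sha256sum-compatible format: '<digest>  <path>' per line."""
    out.write_text("".join(f"{d}  {p}\n" for p, d in sorted(manifest.items())))


def read_manifest(path: Path) -> Dict[str, str]:
    pinned: Dict[str, str] = {}
    for line in path.read_text().splitlines():
        if line.strip():
            digest, rel = line.split("  ", 1)
            pinned[rel] = digest
    return pinned


def verify_tree(root: Path, pinned: Dict[str, str]) -> List[str]:
    """Return a list of discrepancies; empty means the tree matches the pinned manifest exactly."""
    actual = build_manifest(root)
    problems: List[str] = []
    for rel in sorted(set(pinned) | set(actual)):
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif rel not in pinned:
            problems.append(f"unexpected: {rel}")
        elif pinned[rel] != actual[rel]:
            problems.append(f"modified: {rel}")
    return problems


def safe_to_install(root: Path, manifest_file: Path) -> bool:
    return not verify_tree(root, read_manifest(manifest_file))


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        sdk = Path(tmp) / "sdk-python"                       # constructed stand-in for integrations/sdk-python
        (sdk / "foxreach").mkdir(parents=True)
        (sdk / "setup.py").write_text("from setuptools import setup\nsetup(name='foxreach')\n")
        (sdk / "foxreach" / "__init__.py").write_text("__version__ = '0.1.1'\n")

        pinned_file = Path(tmp) / "sdk-python.sha256"      # recorded at review time
        write_manifest(build_manifest(sdk), pinned_file)
        clean = safe_to_install(sdk, pinned_file)

        # Simulate an unreviewed change to the checkout: one file edited, one file added.
        with open(sdk / "setup.py", "a") as fh:
            fh.write("# unreviewed change\n")
        (sdk / "foxreach" / "_extra.py").write_text("")
        problems = verify_tree(sdk, read_manifest(pinned_file))
        return {"clean": clean, "problems": problems,
                "still_safe": safe_to_install(sdk, pinned_file)}


if __name__ == "__main__":
    print(demo())
```

For dependencies pulled from PyPI rather than a local checkout, `pip install --require-hashes -r requirements.txt` enforces the same idea with per-package hashes in the requirements file; the manifest above covers the part that is not a published package.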
