Kakiyo Skill
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Kakiyo, but it gives an agent broad power to manage LinkedIn outreach automation, prospects, agents, and webhooks with limited guardrails shown.
Install only if you trust Kakiyo and need agent-controlled LinkedIn outreach. Use a dedicated API key, review every campaign/prospect/agent/webhook change before execution, and be especially careful with actions that resume automation or send events to external webhook URLs.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could create or resume outreach that contacts prospects or changes campaign behavior in ways the user did not fully review.
This shows the skill is intended to let the agent perform high-impact outreach automation and account mutations. The provided instructions do not show clear approval or scoping rules before those actions.
Use when users want to create outreach campaigns, add prospects, monitor performance, manage AI agents, or automate LinkedIn messaging.
Require explicit user confirmation before creating, updating, resuming, or bulk-changing campaigns, agents, prospects, or messaging-related settings.
Anyone or anything able to use that configured mcporter connection may be able to call Kakiyo tools with the user's account privileges.
The skill configures a Kakiyo API key as a bearer token for remote MCP calls. This is expected for the service, but it is still delegated account authority.
mcporter config add kakiyo https://api.kakiyo.com/mcp --header "Authorization:Bearer USER_API_KEY"
Use a dedicated, revocable Kakiyo API key if possible, keep the local mcporter config protected, and revoke the key if the environment is shared or compromised.
A webhook pointed at the wrong or untrusted URL could expose prospect activity or campaign events.
The skill can configure webhook destinations for prospect-related events. This is a normal integration feature, but it can send lead or conversation-related events outside Kakiyo.
**create_webhook** - Set up new webhook ... events:'["prospect.replied","prospect.qualified"]'
Only create or update webhooks after confirming the destination URL, event types, and expected payloads.
Resuming an agent may cause ongoing LinkedIn automation beyond the current chat turn.
The skill can control Kakiyo automation agents that may keep operating after the immediate request. This is disclosed and purpose-aligned, but users should treat it as persistent automation.
**resume_agent** - Restart a paused agent
Confirm which agent is being resumed, what limits apply, and how to pause it again before enabling ongoing automation.
Users must trust the Kakiyo MCP endpoint and the mcporter client to handle their commands and API key appropriately.
The skill relies on a remote MCP server for tool behavior rather than local code in the artifact set. This is consistent with a SaaS integration, but it means the supplied artifacts do not expose the server-side implementation.
mcporter config add kakiyo https://api.kakiyo.com/mcp
Verify the endpoint and provider before configuration, and use trusted installations of mcporter.