ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Echo Sales Ai

v1.0.0

AI sales assistant that classifies leads, interprets feedback, generates quotes, and manages your manufacturing and technical sales pipeline via email integr...

0· 625·0 current·0 all-time
byRushabh Doshi@doshirush1901
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The declared registry metadata lists no required credentials or config paths, but the code requires Gmail OAuth credentials (credentials.json at ~/.echo_credentials), stores an OAuth token (./data/token.pickle), and uses an OpenAI API key and a Telegram bot token. Those capabilities (Gmail read/send, Telegram bot, OpenAI usage) are plausible for a sales assistant, but they are not declared in the skill manifest — that mismatch is a red flag. Additionally, the repository contains an unrelated 'echo' virtual-girlfriend skill.md and duplicated/templated files, suggesting the package was cobbled together from multiple projects.
!
Instruction Scope
SKILL.md describes continuous email monitoring, CRM updates, enrichment and dispatch of emails. The runtime files implement Gmail access (read + send) and a Telegram bot and will persist credentials/tokens locally. The SKILL.md and README omit explicit, safe instructions for providing OAuth credentials and do not warn about storing tokens or embedded keys. The skill's instructions and code also reference local config paths and scripts that are not declared in the registry (e.g., ~/.echo_credentials/credentials.json, ./data/token.pickle, config.yaml).
Install Mechanism
There is no formal install spec; the package is instruction-only in the registry, but a requirements.txt and package.json are included. Installing requires typical pip packages (google API libs, python-telegram-bot, openai), which is reasonable for functionality, but the absence of an explicit install/permission guide in the manifest and the presence of an empty or mismatched package.json (lists 'python' as an npm dependency) is sloppy and increases the chance of misconfiguration.
!
Credentials
The repo contains hardcoded secrets in echo-skill/config.yaml: a telegram_token value and an apparent OpenAI API key. The code also expects a local Google OAuth credentials file and will request Gmail read/send scopes. None of these credentials are declared in the registry's required env/config lists, and embedding tokens in repo files is inappropriate. Requesting Gmail send permissions plus an OpenAI key is proportionate to the stated feature set only if handled securely — here they are exposed in files and not described in the manifest.
Persistence & Privilege
The skill stores OAuth tokens to disk (./data/token.pickle) and expects persistent credentials under ~/.echo_credentials. 'always' is false and the skill does not declare system-wide modifications, but because it obtains Gmail send permissions and persists auth tokens, installing it grants ongoing ability to read/send email from the connected mailbox until tokens are revoked.
Scan Findings in Context
[hardcoded_openai_key_in_config] unexpected: echo-skill/config.yaml contains a value that looks like an OpenAI API key embedded directly in the repo. Storing API keys in repository files is unsafe; the registry did not declare an OpenAI credential requirement.
[hardcoded_telegram_token_in_config] unexpected: echo-skill/config.yaml contains a Telegram bot token. A Telegram token is plausible for a bot feature, but it should not be committed into code. The manifest did not declare this config path.
[gmail_oauth_scopes_requested] expected: The code requests Gmail scopes (read and send). Those scopes are expected for an email-processing and dispatching skill, but they must be declared and handled securely; here they are implemented without manifest-level disclosures.
What to consider before installing
This package contains working code that will access your Gmail (read + send), use the OpenAI API, and run a Telegram bot — and the repo includes embedded credentials. Before installing: 1) Do NOT run it with the included config.yaml as-is — rotate or remove any tokens and treat them as compromised. 2) Replace embedded keys with environment-based or secure vault references and remove secrets from the repo. 3) Confirm and restrict Gmail OAuth scopes and revoke tokens after testing. 4) Audit the code (especially echo_skill.py and agents) to ensure it only accesses the accounts you expect and doesn't exfiltrate data elsewhere. 5) Run initially in an isolated environment or sandbox and monitor network activity. 6) If you only want classification/help drafting, consider a version that does NOT request Gmail send permissions or persist tokens. If you are not comfortable performing these checks, do not install this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9700hmqwzenyzz8fc76fg7gy981ej2s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments