Cold Outreach Skill
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s outreach purpose is clear, but its setup guidance can pull unpinned upstream skills and update all installed ClawHub skills while using provider API keys and contact data.
Review the upstream skills before use, avoid running `update --all` unless you intend to update every installed skill, use scoped API keys, and confirm that your outreach lead data and campaign use comply with your organization’s privacy and anti-spam rules.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or updating could change more than this outreach workflow, potentially affecting other skills or using versions different from those the author says were inspected.
The skill references inspected upstream versions but tells users to install latest packages and run a broad update of all ClawHub skills, which can pull unreviewed changes or alter unrelated skills.
Install/update with ClawHub: `npx -y clawhub@latest install apollo-api` ... `npx -y clawhub@latest update --all`
Install or update only the named required skills, pin them to reviewed versions where possible, and avoid `update --all` unless you intentionally want to update every installed skill.
The workflow may operate with account-level API authority, including LinkedIn-connected context and MachFive campaign access.
The required credentials and upstream LinkedIn capability can access provider accounts; this is disclosed and mostly purpose-aligned, but broader than simple draft generation.
`MATON_API_KEY` for `apollo-api` and `linkedin-api` (Maton gateway); `MACHFIVE_API_KEY` for `cold-email`; LinkedIn includes `Authenticated profile/user info endpoints` and `Content/posting APIs (`ugcPosts`).`
Use least-privilege API keys or test accounts where possible, verify what LinkedIn permissions the Maton connection has, and do not grant posting permissions unless you explicitly need them.
Business contact information and campaign context may be sent to Apollo, Maton/LinkedIn, and MachFive systems.
Lead records containing personal contact details are intended to flow through external provider APIs for generation and export.
Normalized lead schema includes `name`, `title`, `company`, `email`, `linkedin_url`; MachFive `/generate-batch` returns `list_id`; poll list status; export when complete.
Use only leads you are allowed to process, avoid adding unnecessary sensitive data, and confirm provider privacy/compliance requirements before batch generation.