Cold Email Generator
PassAudited by ClawScan on May 1, 2026.
Overview
The skill does what it says—scrapes business websites and uses local Ollama to draft cold emails—but users should review its external scraper dependency, local lead-list access, and generated output before use.
Before installing or using this skill, confirm you trust the referenced Scrapling scraper and local Ollama setup, review the local lead list before running --list, and inspect generated emails before sending them. The artifacts do not show credential use, background persistence, or automatic email sending.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The visible generator code may be benign, but the actual scraping behavior also depends on another local script that was not reviewed here.
The runtime depends on a local scraper script that is referenced but not included in the provided file manifest. The dependency is disclosed, but users must separately trust and maintain that helper.
SCRAPE_SCRIPT = "/Users/wlc-studio/StudioBrain/00_SYSTEM/skills/scrapling/scrape.py"
Confirm the Scrapling scraper path points to a trusted local script before using the skill, especially before running batch mode.
Using the skill will run local programs on the machine, including Ollama and the referenced scraper.
The skill invokes local commands at runtime to run the scraper and Ollama. This is central to the stated purpose and uses fixed argument lists rather than shell execution, but it is still local command execution users should expect.
subprocess.run(["ollama", "run", "llama3.2", prompt], capture_output=True, text=True, timeout=120)
Use it only on a machine where Ollama and the scraper are intentionally installed and trusted.
A target website could cause the generated draft to include unwanted wording, claims, or off-topic content.
Untrusted website text is inserted directly into the model prompt. A webpage containing prompt-like instructions could influence the generated email content, although the artifacts only show text generation and not automatic sending.
context_section = f"Here's what their website says: {scraped_content}"Review each generated email before saving or sending it, and avoid treating scraped website text as trusted instructions.
Running --list can process every URL found in the local lead list and optionally save generated outreach files.
Batch mode reads a local internal lead list and uses that retrieved context to process multiple businesses. This is purpose-aligned, but the file may contain business contact data or stale/incorrect entries.
LEADS_FILE = Path.home() / "StudioBrain/30_INTERNAL/WLC-Services/LEADS/MASTER_LEAD_LIST.md" ... content = LEADS_FILE.read_text()
Review the lead list before batch use and use --save only when you are comfortable storing the generated outreach locally.