Skill v1.0.1
ClawScan security
OpenClaw Email Lead Generation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 20, 2026, 7:40 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, helper script, and runtime rules are consistent with an on-device email lead-generation pipeline; nothing requests unrelated credentials or installs unexpected remote code, but there are a few implementation caveats to review before enabling automation or providing SMTP credentials.
- Guidance
- This skill appears internally coherent for local lead management and template generation. Before installing or enabling automation:
  1. Review the helper script in full. It enforces sanitization and path checks, but it falls back to less strict handling when jq is missing, so the guarantees you read in the jq code path may not hold on a host without jq.
  2. If you plan to send or receive email, provide SMTP/Gmail credentials only after you have verified where they are stored in config.yaml and are comfortable with that storage and access model (file location, permissions, any encryption).
  3. Keep auto-send and cron disabled until you have tested the flows with a sandbox lead in 'manual' email mode, so no real email is sent unexpectedly.
  4. Confirm how inbox access is implemented (openclaw CLI or browser automation, IMAP, or an API). SKILL.md refers to reply-reading behavior, but the bundled script contains no network or email-client code in the reviewed excerpt; understand that component before enabling Tier 2 or Tier 3.
  5. Run the skill in a limited test environment first, and make sure jq and openclaw are installed so JSON handling and cron integration use the safer code paths.
Review Dimensions
- Purpose & Capability
- ok: Name and description match what is present: a local pipeline, template generation, scoring, and opt-in cron-driven outreach. The required binaries are standard Unix tools appropriate for the described file and text manipulation. The optional metadata lists SMTP/Gmail credentials and the openclaw CLI, which are reasonable for the sending and cron features and are declared optional.
- Instruction Scope
- note: SKILL.md explicitly restricts all file operations to ~/workspace/leadgen and mandates the bundled helper script for sanitization and path validation, which is good. The cron and reference docs describe inbox checking and sending behavior, but the included helper script excerpt shows no network or email-client code (Tier 2 and Tier 3 are likely opt-in). Verify how inbox access and sending are implemented and where credentials are stored before enabling those features. The script and docs also require the agent to execute shell commands via exec; that is expected for this kind of skill, but worth noting.
- Install Mechanism
- ok: Instruction-only skill with one bundled helper script; no remote downloads or installers. With no install spec, nothing is fetched from third-party URLs, which is the lowest install risk. The single local script ships inside the package.
- Credentials
- note: No required env vars are declared. The optional env names (SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASS, GMAIL_APP_PASSWORD) are appropriate for an email-sending feature. Before supplying credentials, confirm exactly when and how they will be used and stored (config.yaml location, file permissions, and any encryption).
- Persistence & Privilege
- ok: always is set to false, and the skill confines its state to ~/workspace/leadgen. Cron jobs are explicitly opt-in (Tier 3), and SKILL.md requires that recurring tasks not be scheduled without explicit user action. The skill does not request system-wide privileges or modifications to other skills.
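The two properties the Instruction Scope and Credentials dimensions ask you to verify (that file paths stay inside ~/workspace/leadgen, and how credentials in config.yaml are stored) can be checked on the host before the skill is enabled. The script below is an added example written for this review; it is not ClawHub's scanner and not the skill's own helper script. It assumes the workspace root is ~/workspace/leadgen (overridable with LEADGEN_ROOT), that credentials live in config.yaml at that root, and that credential keys contain pass, password, token or secret; that key naming is an assumption about the config layout, not something taken from the skill. The path check resolves every directory component physically, so a symlinked directory pointing outside the root, a ".." segment, or a sibling directory named like the root are all rejected where a plain string-prefix test would pass them.

```shell
#!/bin/sh
# Added example for this review; not the ClawHub scanner and not the skill's
# bundled helper script. Assumptions: the workspace root is ~/workspace/leadgen
# (override with LEADGEN_ROOT) and credentials are kept in config.yaml there.

LEADGEN_ROOT="${LEADGEN_ROOT:-$HOME/workspace/leadgen}"

# leadgen_path_ok PATH
# Returns 0 only if PATH resolves to a location inside LEADGEN_ROOT. Every
# directory component is resolved with cd && pwd -P, so symlinked directories
# that point outside the root, ".." segments, and sibling directories such as
# leadgen-evil are all rejected; a plain string-prefix test would pass them.
# The leaf itself may not exist yet (a new lead file) but must not be a symlink.
leadgen_path_ok() {
    p=$1
    [ -n "$p" ] || return 1
    nl=$(printf '\nx'); nl=${nl%x}
    case $p in *"$nl"*) return 1 ;; esac           # newlines break line-based tools
    root=$(cd "$LEADGEN_ROOT" 2>/dev/null && pwd -P) || return 1
    dir=$(dirname "$p")
    base=$(basename "$p")
    case $base in .|..) return 1 ;; esac           # a bare directory reference is not a lead file
    physdir=$(cd "$dir" 2>/dev/null && pwd -P) || return 1   # parent must exist to be resolved
    [ -L "$physdir/$base" ] && return 1            # leaf must not be a symlink
    case "$physdir/$base" in
        "$root"/*) return 0 ;;                     # quoted: $root is matched literally, not as a glob
        *)         return 1 ;;
    esac
}

# config_perms_ok FILE
# Returns 0 only if FILE is a regular file (not a symlink) with no group or other
# permission bits, i.e. mode 600 or 400, so SMTP_PASS / GMAIL_APP_PASSWORD values
# stored in it are not readable by other local users. ls -ld is used instead of
# stat because the stat flags differ between GNU and BSD.
config_perms_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(ls -ld "$f" | cut -c5-10)               # group rwx + other rwx columns
    [ "$mode" = "------" ]
}

# config_has_literal_secrets FILE
# Prints, and returns 0 for, lines whose key looks like a credential and whose
# value is a literal rather than an environment reference such as ${SMTP_PASS}.
# The key names (pass, password, token, secret) are an assumption about the
# config layout, not taken from the skill.
config_has_literal_secrets() {
    grep -iE '^[[:space:]]*[a-z_]*(pass|password|token|secret)[a-z_]*:[[:space:]]*[^[:space:]$]' "$1"
}

# Stand-alone usage (file name is an assumption):
#   sh check_leadgen.sh --report ~/workspace/leadgen/leads/acme.json
if [ "${1:-}" = "--report" ]; then
    shift
    cfg="$LEADGEN_ROOT/config.yaml"
    if config_perms_ok "$cfg"; then echo "ok:   $cfg is owner-only"
    else echo "WARN: $cfg is missing, a symlink, or readable by group/other"; fi
    if config_has_literal_secrets "$cfg" 2>/dev/null; then
        echo "WARN: the lines above store credential values literally in $cfg"; fi
    for p in "$@"; do
        if leadgen_path_ok "$p"; then echo "ok:   $p stays inside $LEADGEN_ROOT"
        else echo "WARN: $p escapes $LEADGEN_ROOT (or its parent does not exist)"; fi
    done
fi
```

Run it with --report against any paths the skill would write; a WARN on the config file means the SMTP or Gmail secret is exposed to other local users or stored as a literal, and a WARN on a path means the confinement SKILL.md promises is not holding for that input.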
