Skillv0.1.0

ClawScan security

Outreach And Prospecting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 18, 2026, 6:21 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only outreach playbook whose templates, advice, and recommended sources match its stated purpose and it does not request unusual system access or install software.
Guidance: This skill is a coherent, instruction-only outreach playbook — it does not itself collect credentials or install software. Before using it: (1) remember legal and privacy constraints (CAN-SPAM, GDPR, LinkedIn/third-party TOS); don't do bulk scraping or send messages that violate platform rules; (2) if you connect your agent to services like Apollo, Instantly, Crunchbase, or your email/LinkedIn accounts you will need to provide credentials to those integrations — only supply them to trusted tools and limit their scope; (3) test messages with small, targeted batches to avoid reputation damage; (4) avoid pasting sensitive personal data into the model or third-party tools; and (5) if you want automated sending, confirm who/what will actually send messages and that rate-limits, opt-outs, and tracking are handled responsibly.

Review Dimensions

Purpose & Capability: okThe name and description (outreach and prospecting) match the SKILL.md content: ICP definition, lead sources, email and LinkedIn templates, sequencing, and tracking. The skill declares no binaries, no env vars, and no installs — which is proportionate for a playbook/instruction-only skill. Mentions of third-party services (LinkedIn Sales Navigator, Crunchbase, Apollo, Instantly) are relevant to prospecting and are presented as tool suggestions, not required credentials.
Instruction Scope: noteThe SKILL.md stays focused on lead identification, qualification, and messaging templates and does not instruct the agent to read local files, environment variables, or system configs. It does reference external lead sources and SaaS tools; while the instructions don't demand credentials, if an agent or user chooses to integrate with those services they will need accounts/keys and should follow each service's terms. The playbook also warns about reputation risk, which is appropriate.
Install Mechanism: okNo install spec and no code files — instruction-only. This is the lowest-risk install model: nothing will be written to disk or fetched at install time by the skill itself.
Credentials: okThe skill requests no environment variables, credentials, or config paths. References to third-party tools are normative suggestions; the skill does not claim or request access to unrelated credentials or secrets.
Persistence & Privilege: okalways is false and there are no privileged persistence behaviors described. The skill being user-invocable and able to be invoked autonomously is the platform default and is reasonable for this kind of playbook.