Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
EDM Email Manager (via Kanban Plugin)
v1.0.1
An automated email marketing campaign manager that guides your agent to design responsive HTML emails, manage lists, send via Resend, and track analytics on...
by Joey.Z (@joeyzzyy)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md behavior (generate HTML emails, store local brand/audience files, call an edm_send tool to dispatch via Resend and link to a dashboard) matches the claimed purpose. Minor inconsistency: registry metadata lists no source/homepage, while SKILL.md references a GitHub repo and an external dashboard site (teammate.work). This discrepancy reduces transparency.
Instruction Scope
Instructions remain within the email-campaign domain (collect brand info, write .claw-kanban/edm/brand.json and audience.json, preview local HTML, then call plugin edm_send). However the skill explicitly directs the agent to install and use a companion plugin and to obtain a Dashboard API key from teammate.work — this delegates network activity and credential handling to external components not present in the skill, increasing audit surface. The skill will write local files that may contain PII (mailing lists).
Install Mechanism
No install spec in the skill itself, but the SKILL.md requires running 'openclaw plugins install claw-kanban' to enable Resend and dashboard functionality. That plugin/install step is external and not included for review here. Because the plugin and dashboard endpoints are not bundled or audited in this skill, installing them is a material risk (unknown code, installation side effects, and credential collection handled outside the reviewed artifact).
Credentials
The skill declares no required env vars, but the workflow expects Resend integration and a Dashboard API key from teammate.work (and presumably a Resend API key via the companion plugin). Delegating credential requests to the plugin is reasonable for this purpose, but users should be aware that the skill will lead them to provide API keys to third-party components that are not visible in this package.
Persistence & Privilege
The skill will store persistent local files (.claw-kanban/edm/brand.json and audience.json) to hold brand settings and mailing lists. This is consistent with the stated purpose but has privacy implications: these files may contain sensitive contact data and sender details and should be protected (ACLs, encryption) and audited for content and retention.
What to consider before installing
This skill is an instruction-only workflow that depends on a separate 'claw-kanban' plugin and an external dashboard (teammate.work). Before installing or running it:
1) Inspect the companion plugin code (the SKILL.md points to a GitHub repo) and confirm its maintainer/trustworthiness and installation steps.
2) Verify the teammate.work dashboard is legitimate and review its privacy/terms and how it stores API keys and analytics data.
3) Only provide minimal-scoped API keys (create limited Resend/dashboard keys) and avoid using highly privileged credentials.
4) Be aware the workflow will write .claw-kanban/edm/brand.json and audience.json locally — these contain PII (email addresses); protect or encrypt those files and set restrictive file permissions.
5) Test with a small sandbox recipient list first.
6) If you cannot review the companion plugin or are uncomfortable with the external dashboard, do not install the plugin or provide API keys.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
📧 Clawdis
