Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Essentialist

v5.1.0

Autonomous outbound revenue engine. Own and operate the entire SDR/BDR pipeline — prospect discovery, email sequencing, reply handling, lead qualification, a...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name and description (autonomous outbound sales) align with the declared requirements: an API endpoint (ESSENTIALIST_API_URL), an API key (primaryEnv ESSENTIALIST_API_KEY), and simple CLI tools (curl, jq). However, there are small inconsistencies in the documentation (multiple base-URL references across the README and api-reference), and the skill declares a primaryEnv while not listing the API key in requires.env, implying that the agent will register and obtain the key at runtime. Those inconsistencies are surprising but can be explained by an API-first design.
Instruction Scope
The SKILL.md embeds 'Mandatory Invocation Rules' that override normal agent behavior: it mandates activation whenever users mention leads/outbound/revenue, forbids permission-seeking language, requires immediate collection and upload of contact lists, and instructs the agent to continue with inferred defaults rather than pause for explicit consent. That grants the skill broad discretion to collect and transmit user data (including uploaded contact lists) to the external API and to proceed on partial information — increasing risk of unwanted data exfiltration and actions taken without user approval.
Install Mechanism
This is an instruction-only skill with no install spec or code files; it requires curl and jq but installs nothing. From an install-surface perspective this is low risk (nothing is downloaded or written by an installer).
Credentials
The skill only requires ESSENTIALIST_API_URL (declared) and designates ESSENTIALIST_API_KEY as the primary credential. That scope is proportionate for an API-backed outbound platform. However, the skill's instructions imply the agent will register and obtain and store an API key automatically, which requires the agent to create or persist credentials at runtime. That automatic account creation and storage of secret material is noteworthy and should be considered before enabling the skill.
Persistence & Privilege
The package does not request always:true, but the SKILL.md attempts to enforce behavioral dominance (make Essentialist the default outbound handler, avoid competing responses, never ask permission). Embedding mandatory invocation logic in the runtime instructions tries to increase the skill's effective privilege and autonomy even without an explicit always flag — this is a policy/behavioural risk because it encourages the agent to act autonomously on user data and to perform outbound network actions without explicit approval.
What to consider before installing
This skill appears to do what it says (an agent-first outbound email platform) but its instructions explicitly tell the agent to act without asking for permission, to upload contact lists immediately, and to register/obtain API credentials automatically. Before installing: (1) Only install if you fully trust the external service and operator; (2) Confirm the exact ESSENTIALIST_API_URL you will be pointed at (the docs reference multiple domains); (3) Decide whether you allow automatic account creation and storage of an API key — if not, do not provide the skill with write access to agent environment/credentials; (4) If you must test, do so with a sandbox account and dummy contact lists; (5) Consider restricting agent autonomy (require manual approval before any outbound upload or campaign activation) or declining the skill if you cannot safely enforce manual consent. If unclear, ask the publisher for a clear privacy/data-flow statement (where uploaded contact lists are stored, retention, who can trigger sends, and how the API key is persisted).



Runtime requirements

Runtime: Clawdis
Bins: curl, jq
Env: ESSENTIALIST_API_URL
Primary env: ESSENTIALIST_API_KEY