ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Campaign Orchestrator

v1.0.0

Multi-channel follow-up campaign orchestrator for ShapeScale sales. Schedules and executes SMS + Email sequences with CRM logging and auto-termination on replies. Use when following up with demo leads or managing outreach campaigns.

0· 2.6k·3 current·3 all-time
by@kesslerio

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kesslerio/campaign-orchestrator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Campaign Orchestrator" (kesslerio/campaign-orchestrator) from ClawHub.
Skill page: https://clawhub.ai/kesslerio/campaign-orchestrator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install kesslerio/campaign-orchestrator

ClawHub CLI

Package manager switcher

npx clawhub@latest install campaign-orchestrator
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Requested environment variables (DIALPAD_API_KEY, ATTIO_API_KEY, GOG_KEYRING_PASSWORD) match the described integrations (Dialpad SMS, Attio CRM, Gmail via gog). However, the code and SKILL.md also reference external helper tools and hard-coded filesystem paths (e.g., /home/art/niemand/skills/dialpad/send_sms.py and gog-shapescale) that are not declared as required binaries or provided in the package. That missing/dependent tooling is an incoherence: the skill implicitly requires other local scripts/tools that are not described or installed.
!
Instruction Scope
SKILL.md promises CRM logging ('All activities recorded in Attio') and multi-channel sending, but webhook_handler.py contains a TODO for Attio logging (not implemented). The sending/integration points shown call out-of-repository commands (python3 /home/.../send_sms.py, gog-shapescale) rather than internal library calls; these external invocations are not declared as required binaries. Webhook matching is simplistic (matches by lead name or name appearing in message) rather than using message IDs or authenticated webhook verification — this can cause false positives/incorrect terminations. SKILL.md also instructs humans/agents to 'search memory/CRM' and perform manual checks; those are operational checks but grant broad discretion and rely on external data sources not formalized in the code.
Install Mechanism
There is no install spec (instruction-only install), which minimizes install-time risk. However, the runtime depends on third-party/local scripts and tools (Dialpad send script, gog-shapescale) and expects a Clawdbot cron scheduler; none of those are installed or described here. The lack of an install mechanism combined with hard-coded absolute paths increases the chance the skill will fail or call unexpected binaries on install/run.
Credentials
The requested env vars are relevant to the stated purpose: Dialpad and Attio API keys and a Google keyring password for Gmail access. That set is small and proportional. Caveats: GOG_KEYRING_PASSWORD appears to be a Google credential stored in a keyring — high sensitivity; the skill does not document how credentials are used nor whether they are transmitted to any external endpoint. Ensure secrets are stored securely and scope-limited (least privilege).
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It writes state to a workspace path (default /home/art/niemand/state/campaign-orchestrator/campaigns.json) which is expected for this kind of tool, but the hard-coded default workspace and file location could inadvertently expose data if deployed in a shared environment. Webhook server runs without authentication by default (HTTP on configurable PORT) — deploying publicly without auth/TLS is risky.
What to consider before installing
Things to check before installing or running this skill: - Missing dependencies: The code calls out-of-repository helpers (e.g., /home/art/niemand/skills/dialpad/send_sms.py and gog-shapescale). Ask the author for the exact required helper scripts or include them. Do not assume those paths exist or are trustworthy. - Incomplete Attio logging: SKILL.md claims all activity is logged to Attio, but webhook_handler.py has a TODO for Attio logging. Verify the Attio integration is implemented and inspect that code to ensure no sensitive data is exfiltrated. - Secrets handling: GOG_KEYRING_PASSWORD is a highly sensitive Google credential. Confirm how it's stored/used, ensure least-privilege OAuth tokens are used instead of raw passwords, and avoid putting credentials in world-readable files. Consider using short-lived tokens and scoped API keys. - Webhook security: webhook_handler.py runs an unauthenticated HTTP server by default. If you expose this to the internet, require TLS and verify Dialpad webhook signatures or IP allowlisting to prevent forged replies or denial-of-service. - Matching logic: The webhook matches campaigns by name or membership of the lead name in the message text, not by message IDs. This can cause false matches. Review and prefer explicit message/campaign identifiers returned by Dialpad when sending messages. - Workspace paths: The default WORKSPACE=/home/art/niemand is hard-coded. If deploying to a shared or cloud host, change to a safe, isolated path and ensure file permissions restrict access to state/campaigns.json. - Code provenance and completeness: The skill source is 'unknown' and the homepage repo should be examined. Request the full repo or provenance, and ask for missing components (scheduler, senders) and for tests demonstrating Attio/Gmail/Dialpad interactions. If you intend to use this, run it in an isolated environment (dedicated service account, isolated workspace), review/complete the missing integrations, and perform a security review of any external helper scripts before granting API keys.

Like a lobster shell, security has layers — review code before you run it.

latestvk973b2bn73xsc8vkj3zpveg2eh809yq7
2.6kdownloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
@kesslerio
latest
Download

Campaign Orchestrator Skill

Multi-channel follow-up campaign orchestrator for ShapeScale sales. Executes scheduled SMS + Email sequences with CRM integration and auto-termination on replies.

Overview

A Campaign is a defined sequence of steps (SMS/Email) that executes over time. When a lead replies to any message, the campaign automatically terminates.

Key Features

  • Multi-channel: SMS (Dialpad) + Email (Gmail)
  • Scheduled: Cron-based execution with configurable delays
  • Personalized: Templates filled from Attio CRM data
  • Auto-terminating: Replies stop all future scheduled steps
  • Logged: All activities recorded in Attio

Setup

Environment variables required:

DIALPAD_API_KEY=your_dialpad_api_key
ATTIO_API_KEY=your_attio_api_key
GOG_KEYRING_PASSWORD=your_google_password  # For Gmail access

Also ensure:

  • Dialpad webhook is configured to hit this server
  • Attio has company/contact records for leads
  • Gmail API access enabled for sales email

Usage

Start a Campaign

# Start primary follow-up campaign for a lead
python3 campaign.py start "primary" --lead "Apex Fitness"

# Start with custom delay override (hours)
python3 campaign.py start "primary" --lead "Apex Fitness" --delay 2

# Start with Attio deal/company ID
python3 campaign.py start "post-demo" --lead "Apex Fitness" --attio-id "deal-uuid"

Pre-Campaign Checklist (MANDATORY)

Before starting ANY campaign, verify:

  1. Customer Status Check

    • Search memory/CRM for "already a customer" or "purchased" flags
    • Check exclusion list in campaigns.json
    • Verify email domain not in customer database

  2. Email Formatting Check (for email steps)

    • Preview template renders as proper paragraphs
    • 2-4 sentences per paragraph, blank line between
    • No single-sentence orphan paragraphs
    • No hard line breaks mid-paragraph

  3. Tone Check

    • No apologetic language ("no worries", "sorry to bother")
    • No easy outs ("if not relevant, no problem")
    • Professional, not needy

NEVER campaign to existing customers unless explicitly requested for upsell.

Check Campaign Status

# Status for specific lead
python3 campaign.py status "Apex Fitness"

# All active campaigns
python3 campaign.py list

Stop a Campaign

# Manual termination (lead replied, not interested, etc.)
python3 campaign.py stop "Apex Fitness" --reason "replied_interested"

Remove a Lead

# Remove lead from campaigns (opted out, not interested)
python3 campaign.py remove "Apex Fitness"

Check for Responses

# Check if lead has responded to any prior messages
python3 campaign.py check "Apex Fitness"
# Shows response status for each completed step
# Warns if responses detected (safe to proceed or terminate)

View Pending Steps

# Show all pending campaign steps sorted by time
python3 campaign.py pending
# Useful for seeing what's due soon across all campaigns

Template Management

# List available templates
python3 campaign.py templates

# Preview a template
python3 campaign.py preview "primary"

Campaign Templates

TemplateTimingChannelPurpose
primary+4 hoursSMSRecap demo, share recording
secondary+1 dayEmailPricing, detailed ROI
tertiary+4 daysSMSQuick check-in
quaternary+7 daysEmailFinal follow-up, case study
post-demo+0 hoursSMSImmediate thank you

Template Variables

Templates support variable substitution:

{name}      - Lead first name
{company}   - Company name
{deal_value} - Deal value from Attio
{owner}     - Sales owner name
{demo_notes} - Notes from demo conversation
{checkout_link} - Personalized checkout URL

Architecture

campaign-orchestrator/
├── SKILL.md              # This file
├── campaign.py           # Main CLI (start, stop, status, list)
├── webhook_handler.py    # Processes reply → termination
├── primary.md            # SMS follow-up template
├── secondary.md          # Email template
├── post-demo.md          # Immediate follow-up template
└── state/
    └── campaigns.json    # Campaign state persistence

State Management

Campaign state is stored in <workspace>/state/campaigns.json:

{
  "campaigns": {
    "Apex Fitness": {
      "template": "primary",
      "attio_id": "deal-uuid",
      "started": "2026-01-27T13:00:00Z",
      "steps_completed": ["sms_primary"],
      "next_step": "email_secondary",
      "next_scheduled": "2026-01-28T13:00:00Z",
      "status": "active"
    }
  },
  "templates": {
    "primary": {...},
    "secondary": {...}
  }
}

Cron Integration

Campaign steps are executed via Clawdbot's cron system:

  • Executor job: Runs every 5 minutes to check for due steps
  • Per-campaign jobs: Created for each scheduled step

The scheduler script creates and manages these jobs automatically.

Webhook Handling

When Dialpad receives a reply to a campaign message:

  1. Dialpad sends webhook to server
  2. webhook_handler.py parses the reply
  3. Looks up which campaign the original message belonged to
  4. Marks campaign as terminated
  5. Logs the reply to Attio

Integration Points

Dialpad SMS

python3 /home/art/niemand/skills/dialpad/send_sms.py --to "+14155551234" --message "..."

Gmail (via gog)

gog-shapescale --account martin@shapescale.com send-email --to "lead@company.com" --subject "..." --body "..."

Attio CRM

attio note companies "company-uuid" "Campaign message sent: {message}"

Examples

Full Campaign Workflow

# 1. After demo, start campaign
/campaign start "post-demo" --lead "Dr. Smith's Clinic"

# 2. Check status next day
/campaign status "Dr. Smith's Clinic"
# Output: Step 1 sent, Step 2 scheduled for tomorrow

# 3. Lead replies "interested"
# Webhook automatically terminates campaign
# Logs reply to Attio

# 4. Manual follow-up if needed
/campaign start "secondary" --lead "Dr. Smith's Clinic" --delay 0

Monitoring Active Campaigns

# List all active
/campaign list

# Output:
# Active Campaigns:
# - Apex Fitness (primary) - Step 2/4, next: email
# - Dr. Smith's Clinic (post-demo) - Complete
# - Wellness Center (tertiary) - Step 1/3, next: sms

Troubleshooting

Campaign not sending:

  • Check cron is running: crontab -l
  • Check logs: journalctl -u moltbot or campaign logs
  • Verify API keys: echo $DIALPAD_API_KEY

Webhook not terminating:

  • Verify Dialpad webhook URL is configured
  • Check webhook handler is running
  • Check campaigns.json for matching lead

Template variables not filling:

  • Verify lead exists in Attio with required fields
  • Check template syntax: {variable} not { variable }

License

Part of shapescale-moltbot-skills. See parent repository.

Comments

Loading comments...