Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Outreach Demo

v1.0.0

Research a business website, produce a concise prospect report, recommend concrete OpenClaw use cases, and draft a tailored outreach email. Use when demonstr...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included scripts (rendering reports, HTML email, PDF conversion, and a send script). However, send_outreach_package.sh hard-codes a default ACCOUNT (alex.data.assistant@gmail.com) and the SKILL.md explicitly warns against hardcoding sender identity — that's an internal inconsistency and a potential surprise for users.
Instruction Scope
SKILL.md properly constrains actions (public website only, approval gate before sending). The code implements rendering and a separate send script, but there is no programmatic enforcement of the approval gate — sending is an explicit script invocation. The scripts read local files and may transmit content by calling a 'gog gmail send' command; if invoked (manually or by an autonomous agent), they will perform outbound network activity (email send).
Install Mechanism
There is no install spec (instruction-only), but multiple shipped scripts require external binaries: 'gog' (for gmail send) and a Chromium binary for PDF rendering. The registry metadata lists no required binaries; that omission is a mismatch and could cause runtime failures or unexpected external dependencies.
Credentials
The skill does not declare required env vars, yet the scripts read OUTREACH_DEMO_CONFIG, OUTREACH_SENDER_*, CHROME_BIN, and rely on a GOG_ACCOUNT environment variable when invoking the 'gog' CLI. Those environment hooks are reasonable for configuration, but they are not declared in the skill metadata and there is a hardcoded fallback email account in the send script — this is disproportionate to what the description promises and can leak surprising behavior (accidentally using someone else's default sender).
Persistence & Privilege
The always flag is false and the skill does not request persistent privileges. However, the skill can send email (via an external CLI) when invoked. Autonomous invocation is allowed by default on the platform; combined with the presence of a send script and a default account, that increases the blast radius if an agent is permitted to call the send path without human confirmation. The code itself does not autonomously trigger sends.
What to consider before installing
This skill appears to do what it says (generate briefs and email drafts), but there are some red flags you should address before using it:

- Do not assume required tools are installed: the scripts call 'gog' (a Gmail CLI) and Chromium for PDF output. Install and inspect those tools before running.
- Configure sender identity explicitly: set OUTREACH_SENDER_EMAIL / OUTREACH_SENDER_NAME or supply a config file and do NOT rely on the script's default ACCOUNT (alex.data.assistant@gmail.com). Replace or remove any hardcoded defaults.
- Prevent accidental sends: require a manual approval step in your workflow or disable autonomous invocation for this skill. The code provides a send script but does not enforce the SKILL.md approval gate.
- Audit your local 'gog' configuration: the send script uses the GOG_ACCOUNT environment variable and will execute 'gog gmail send', which will send mail using whatever credentials are configured for that CLI.
- Validate attachment handling: ensure the attachment path/format matches what you intend (SKILL.md references attaching a PDF but some send script usage examples accept HTML). Verify you are attaching the correct, sanitized file.

If you need to proceed: update the metadata to declare required binaries/env vars, remove or change hardcoded defaults, and test the full flow in dry-run mode (the send script supports --dry-run) before enabling any automatic or autonomous execution.

Like a lobster shell, security has layers — review code before you run it.

Tags: demo, email, latest, outreach, prospecting, research
