Outreach Demo

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its outreach purpose, but its approved-send path uses Gmail through undeclared local tooling and defaults to a hard-coded sender account.

Review and fix the Gmail sender setup before using this skill to send email. It is reasonable for draft/report generation, but do not approve outbound messages until the sender account, recipient, subject, body, and attachment are all shown and correct.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved, the agent can send an outreach email with an attachment to a real recipient.

Why it was flagged

The skill can perform an external email-send action, but the artifact also requires recipient/message-specific approval before use.

Skill content

Do not send email automatically. Sending is allowed only after explicit user approval for that recipient/message. ... For actual HTML+brief send, use: scripts/send_outreach_package.sh --to <email> --subject <subject> --text <txt> --html <html> --attach <brief.pdf>

Recommendation

Only approve sends after checking the recipient, subject, body, attachment, and sender account; use dry-run or draft-only mode when possible.

What this means

An approved email may be attempted or sent using an unexpected Gmail profile, or the workflow may fail because the required account is not available.

Why it was flagged

The outbound Gmail command defaults to a fixed personal-looking account and forces that account selector into the environment, rather than requiring the configured sender account.

Skill content

ACCOUNT="alex.data.assistant@gmail.com" ... GOG_ACCOUNT="$ACCOUNT" "${CMD[@]}"

Recommendation

Remove the hard-coded default, require an explicit configured sender account, show the sender in the approval preview, and declare the Gmail account requirement in metadata.

What this means

Users may not realize that successful sending/rendering depends on local tools and Gmail account configuration outside the declared requirements.

Why it was flagged

The registry contract does not declare the local tools or account setup needed by the included Gmail send and PDF rendering scripts.

Skill content

No install spec — this is an instruction-only skill. ... Required binaries (all must exist): none ... Primary credential: none

Recommendation

Declare required/optional binaries such as gog and Chromium, and document the Gmail credential/profile setup needed for sending.

What this means

This is purpose-aligned PDF generation, but users should avoid feeding arbitrary untrusted HTML into the renderer.

Why it was flagged

The PDF workflow launches a local headless Chromium process with sandboxing disabled to render an HTML file.

Skill content

"$CHROME_BIN" --headless=new --disable-gpu --no-sandbox --print-to-pdf="$OUTPUT" "$INPUT_URL"

Recommendation

Render only the skill-generated HTML brief, use a trusted Chromium binary, and consider avoiding --no-sandbox where the environment supports sandboxing.