Outreach Pipeline
v1.0.0Manage sales leads and outreach by tracking follow-ups, logging contacts, advancing stages, and generating weekly pipeline reports.
⭐ 0· 35·0 current·0 all-time
byMatt Stvartak@mattstvartak
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: tools for creating/updating leads, logging contacts, scheduling follow-ups, exporting/reporting, and computing stats. Declared dependencies (@lancedb/lancedb, @sinclair/typebox) and local LanceDB storage are coherent with an on-device outreach pipeline.
Instruction Scope
SKILL.md simply instructs the agent how and when to call the provided lead_* tools (e.g., lead_due at session start, lead_contact after outreach). It does not instruct reading unrelated files, accessing unexpected environment variables, or sending data to unknown endpoints. It suggests using a Notion skill for report writing but does not itself attempt network I/O.
Install Mechanism
No install spec is provided (instruction-only plugin) and the package files show normal npm dependencies from the registry. There are no downloads from untrusted URLs or extract steps. Using @lancedb is expected for local DB storage; this is a moderate-but-expected dependency.
Credentials
The skill requests no environment variables, no external credentials, and no config paths beyond a local dataDir (configurable). That is proportionate for a local lead management plugin. The package and code do not access other services or secret-bearing environment variables.
Persistence & Privilege
The plugin stores data on disk (expected). However, there is a bug in resolveDataDir: when a path begins with '~' (the default), the code uses join(homedir(), raw.slice(1)). Because the slice includes a leading '/', path.join may treat the second segment as absolute and resolve to '/.openclaw/...' (root) instead of the user's home directory. That could result in the plugin attempting to create directories at the filesystem root (permission issues or unexpected writes). This is a quality/security concern to address before enabling in production.
Assessment
This plugin appears to do what it claims: local lead tracking with no external network calls or secret requirements. Before installing or enabling it: 1) Fix or override the data directory: either patch resolveDataDir or set plugin config.dataDir to a full absolute path inside your home directory to avoid accidental writes at '/' (for now, avoid accepting the default if you don't want root-level files). 2) Confirm Node 18+ (LanceDB requirements). 3) Review and test in a safe environment (local dev user) to verify data is stored where you expect. 4) Remember the plugin stores potentially sensitive contact data locally—treat that directory accordingly (permissions, backups). 5) If you want to limit risk, run it with the plugin disabled for autonomous invocation until you are comfortable; note the plugin does not request credentials and does not include network exfiltration behavior in the code.Like a lobster shell, security has layers — review code before you run it.
latestvk972f7zyk2eghkhh69td3xef65847szn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.