Skill v1.0.0
ClawScan security
Cold Email Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 9:05 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill broadly matches a cold-email tool, but its documentation, declared requirements, and included scripts are inconsistent. It advertises capabilities (Google Sheets, Hunter/Apollo, SMTP) that are not implemented, and it fails to declare the API keys it requires in the registry metadata.
- Guidance: This package is plausibly a working cold-email tool, but it contains several inconsistencies you should understand before installing:
  - The registry metadata claims no required env vars, but the scripts require RESEND_API_KEY or SENDGRID_API_KEY at runtime (and the README mentions SMTP). Expect to provide API keys if you run it. The skill should have declared those env vars but didn't.
  - SKILL.md advertises Google Sheets, Hunter.io/Apollo, and raw SMTP support; the included code only implements CSV input, website scraping for emails, and Resend/SendGrid sending. If you need Sheets or vendor integrations, they are not present.
  - The enrichment script fetches arbitrary public websites to extract emails. This is expected for enrichment, but be aware of legal and ethical considerations (website scraping rules, terms of service, and privacy laws). Do not run it against harvested/purchased consumer lists or where scraping is prohibited.
  - The tool writes local files (suppression list, send log). Review those files and the code so you know what is stored locally. Run with --dry-run first to confirm behavior.
  - Verify any API keys you provide are scoped appropriately and rotate them after testing. Prefer using a dedicated sending account/domain you control, and ensure SPF/DKIM/DMARC are configured as advised.

  What would raise confidence: updated registry metadata declaring required env vars, removal or clear labeling of unimplemented features in SKILL.md (or addition of Sheets/Hunter/APIs in code), and explicit rate-limit, retry, and consent-enforcement code for compliance. If you want, I can list the exact lines to change or produce a minimal checklist to safely test this skill in an isolated environment.
Review Dimensions
- Purpose & Capability (concern): The name/description match the code: sending emails and enriching leads. However, SKILL.md advertises support for Google Sheets, Hunter.io, Apollo, and raw SMTP, while the included scripts only implement website scraping and sending via Resend or SendGrid. The registry lists no required env vars even though the code expects RESEND_API_KEY or SENDGRID_API_KEY (and mentions SMTP credentials). This mismatch between claimed capabilities and actual implementation is incoherent.
- Instruction Scope (concern): The runtime instructions describe sourcing leads from CSV/Sheets/APIs and enriching via vendor APIs or scraping. The code implements CSV I/O and a scraper (scripts/enrich-leads.js) that fetches arbitrary websites and extracts email addresses, behavior consistent with enrichment but potentially broad (network fetches across many domains). SKILL.md promises Google Sheets and vendor integrations that are not present; it also claims compliance checks (CAN-SPAM/GDPR), but enforcement is limited to a suppression file and suggested template requirements, not programmatic checks.
- Install Mechanism (ok): No install spec; this is instruction/code-only and nothing is automatically downloaded or extracted. That lowers installation risk: files are included in the skill bundle and run locally by the user.
- Credentials (concern): Registry metadata lists no required env vars, but the code explicitly uses RESEND_API_KEY and SENDGRID_API_KEY and would need SMTP credentials if that path were implemented. The absence of declared required credentials is a mismatch that could mislead users into not providing required secrets or accidentally supplying the wrong ones. Otherwise, environment access appears limited to these API keys and normal filesystem/network access.
- Persistence & Privilege (ok): The skill is not always-on and does not request elevated agent privileges. It writes local logs/tracking files (send-log.csv, suppression.txt) in its directory but does not attempt to modify other skills or global agent configuration.
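The Credentials finding above (env vars used by the scripts but absent from the registry metadata) is something you can verify yourself before installing any skill, not just this one. The following is an added example, not ClawScan's scanner logic and not code from the Cold Email Engine bundle: it scans JavaScript sources for `process.env.NAME` and `process.env["NAME"]` references and diffs them against the declared list. The script contents and the metadata field name `requiredEnv` are constructed for the example; the real registry field name may differ.

```javascript
// Added example: static check that every process.env.* a skill's scripts
// read is declared in the skill's registry metadata. Not part of ClawScan
// or of the reviewed skill. `requiredEnv` is an assumed metadata field.

// Matches process.env.NAME and process.env["NAME"] / process.env['NAME'].
const ENV_REF =
  /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]\s*\])/g;

// Return the set of env var names referenced in one source file.
function envVarsReferenced(source) {
  const names = new Set();
  for (const m of source.matchAll(ENV_REF)) {
    names.add(m[1] ?? m[2]);
  }
  return names;
}

// Compare references across all scripts with the declared list.
// `undeclared` is the finding the scanner raised: code reads a secret the
// registry never told the user to supply. `unused` is the reverse mismatch.
function checkEnvDeclarations(scripts, metadata) {
  const declared = new Set(metadata.requiredEnv ?? []);
  const used = new Set();
  for (const src of Object.values(scripts)) {
    for (const name of envVarsReferenced(src)) used.add(name);
  }
  const undeclared = [...used].filter((n) => !declared.has(n)).sort();
  const unused = [...declared].filter((n) => !used.has(n)).sort();
  return {
    undeclared,
    unused,
    verdict: undeclared.length === 0 ? 'ok' : 'concern',
  };
}

// Constructed sample bundle: one sender script that reads two API keys,
// one enrichment script that reads none, and metadata declaring nothing.
const sampleScripts = {
  'scripts/send.js': `
    const key = process.env.RESEND_API_KEY || process.env["SENDGRID_API_KEY"];
    if (!key) throw new Error("missing API key");
  `,
  'scripts/enrich-leads.js': `
    const ua = "lead-enricher";
  `,
};

const sampleMetadata = { name: 'cold-email-engine', requiredEnv: [] };

const result = checkEnvDeclarations(sampleScripts, sampleMetadata);
console.log(JSON.stringify(result, null, 2));
```

Run it against the unpacked skill directory by reading each file under scripts/ into the `scripts` map and loading the registry metadata into `metadata`. A non-empty `undeclared` list is exactly the mismatch flagged above; treat it as a reason to read the code before handing the skill any key.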
