ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Email Subject Line Tester

v1.0.0

Email subject line optimization agent. Generates 10 subject line variants for any email, scores each by open rate predictors (urgency, personalization, curio...

0· 62·1 current·1 all-time
by@mguozhen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and commands align with an email subject line optimization tool. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md confines operations to generating/scoring subject lines and saving session data. It instructs the agent to create ~/email-subjects/ and write memory.md, history/, and benchmarks.md — which is consistent with the stated workspace behavior but means user-provided or pasted content (including any PII) will be stored locally.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing will be downloaded or written during installation beyond the agent executing its instructions at runtime.
Credentials
No environment variables, credentials, or external integrations are required. The absence of secrets is proportionate to the declared functionality.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It does request the agent use Bash (allowed-tools), which allows reading/writing files when the skill runs — appropriate for saving history but worth noting since it enables filesystem writes to the user's home directory.
Assessment
This skill appears coherent for subject-line generation and A/B test guidance. Before using it: (1) review and sanitize any pasted competitor or audience data you don’t want stored, since the agent will save sessions and profiles to ~/email-subjects/; (2) be aware that allowed-tools: Bash permits filesystem operations — verify what files are created and their permissions; (3) confirm the spam-check and benchmark logic are internal (no external calls) if you want to avoid sending data to third parties; (4) optionally inspect the referenced GitHub repo before enabling, and run the agent in an environment where writing to your home directory is acceptable.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bkmxnzj12zr4w8ekd8d7e39839kvj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments