Install
openclaw skills install @mohitagw15856/brand-impersonation-responseRespond to a brand or executive impersonation incident — deepfaked executives, cloned support lines, fake apps, spoofed domains, or AI-generated scam content wearing your name. Use when a deepfake of a leader is circulating, customers report a fake version of your product or support channel, or to prepare the impersonation playbook before it happens. Produces an incident response: verification protocol, takedown sequencing by platform, customer and public communications, and the hardening plan. For general crisis comms use press-release/pm-crisis skills; for security incidents inside your systems use security-incident-response.
openclaw skills install @mohitagw15856/brand-impersonation-responseCheap generative tools made impersonation an industrial product: a CEO deepfake pushing a token, a cloned support line harvesting card numbers, a spoofed checkout collecting credentials. The attack isn't on your systems — it's on your customers' trust, using your face. Speed and sequencing decide the damage; this skill runs both.
Ask for (if not already provided):
Phase 1 — Verify and preserve (first hours). Confirm fabrication with the impersonated party directly (deepfakes are good; "that's obviously fake" is not a verification method). Preserve everything before takedowns delete the evidence: URLs, hashes, screen recordings, WHOIS, wallet addresses, timestamps — the takedown kills the scam, the evidence supports fraud referrals and platform escalation. Quietly assess reach; do not publicly respond yet — a statement about a 400-view scam gives it 40,000.
Phase 2 — Contain (same day). Takedowns in parallel, sequenced by harm-per-hour:
Phase 3 — Communicate (as reach demands). The proportionality rule: warn the targeted, inform the asking, broadcast only when reach forces it.
Phase 4 — Harden (the week after). Verification anchors customers can check (verified handles list on your domain, DMARC/BIMI, signed comms for high-stakes messages) · monitoring for the next round (domain-permutation watch, brand-mention alerts, app-store sweeps — impersonators retry) · the internal deepfake protocol (a "CEO" voice call requesting a transfer gets a callback on a known number — write it down now) · pre-registered abuse contacts at the platforms that were slow this time.
Verification: [how fabrication was confirmed · evidence preserved (list) · reach assessment]
Takedown log
| Target | Channel used | Filed | Status | Escalation path |
|---|
Communications (drafted, per audience): [targeted-customer notice · support script · public statement (with its reach trigger) · executive's personal statement if applicable]
The never-ask anchor: [the exact line, everywhere]
Hardening plan: [verification anchors · monitoring · internal deepfake protocol · owner + dates]