ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Campaign Management

v1.0.0

Read campaign packages, manage campaign state, generate intelligence reports. Entry point for all campaign operations.

0· 24·1 current·1 all-time
by@nadavnaveh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and SKILL.md consistently describe reading campaign packages, tracking state, and producing reports. However the skill also describes 'outreach' and 'autonomous' modes (sending email/LinkedIn/social) that would normally require external account credentials and API access; those are not declared. The absence of required credentials is an incoherence worth flagging.
!
Instruction Scope
SKILL.md directs the agent to read and write campaign files (campaigns/<name>/, state.json, outbox, logs) which is expected, but instructions are high-level and open-ended (e.g., 'begins execution based on mode', 'researcher discovers' leads). There are no explicit constraints on data sources, no explicit steps for sending messages, and no guidance limiting what external endpoints or accounts the agent may call. This grants broad discretion to perform network actions and potentially send outreach without explicit safeguards.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest installation risk (nothing is written by an installer).
!
Credentials
No environment variables, credentials, or config paths are declared despite describing features that would typically require them (email provider credentials, OAuth tokens for LinkedIn/X, SMTP/API keys, domain management). The skill neither requests nor documents least-privilege access, raising ambiguity about how the agent is expected to obtain and use those secrets.
Persistence & Privilege
always is false and model invocation is allowed (normal). The combination of autonomous/outreach capabilities with autonomous invocation increases potential impact if the agent has access to sending credentials or network access, but the skill does not request permanent system-level privileges or modify other skills.
What to consider before installing
This skill appears to be a campaign manager that can discover leads and perform outreach, but the SKILL.md is vague about how outreach is executed and does not declare the credentials or connectors that would be required. Before installing or enabling it: - Ask the publisher which credentials or connectors it needs (SMTP/API keys, Google/Gmail/OAuth, LinkedIn/X tokens, social account tokens) and why. Require explicit declaration and least-privilege scopes. - Prefer to run without 'autonomous' outreach enabled until you know exactly how messages will be sent and have reviewed templates. - Confirm where the 'researcher' sources leads from (public web scraping, third-party data providers, internal systems) and ensure legal/privacy compliance. - Restrict the skill's filesystem access to a sandboxed campaigns/ directory and review logs/output before any network sends. - If you need higher assurance, request an implementation (code or connector list) or a provenance statement. More info that would raise confidence: explicit list of required environment variables/connector scopes, concrete command list for sending messages, and details on where lead data is sourced and stored.

Like a lobster shell, security has layers — review code before you run it.

latestvk978dxjmjd94198br11y4cqnvs8482xn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments