Email Sequence Builder
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a normal email marketing copy generator, but it asks for broad local file and command access that is not clearly needed.
The skill appears to be an instruction-only email sequence generator with no code or credential requirements. Before installing, consider whether you are comfortable with its broad local tool permissions; ideally, restrict it to writing generated files under a chosen output folder and avoid allowing Bash, broad file reads, or edits unless you explicitly approve them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the agent may be allowed to inspect or modify local files or run shell commands even though the task is primarily content generation.
Write access is understandable because the skill says to save generated emails, but unrestricted read/search/edit access and Bash command execution are broader than needed for an email copy generation workflow and are not scoped in the instructions.
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
Limit the skill to the minimum tools needed, such as Write for a specific output directory, and require explicit user approval before reading existing files, editing files, or running Bash commands.