Skill v0.1.0

ClawScan security

Selzy Email Marketing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 9:59 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requests and runtime instructions are internally consistent with an email-marketing integration: it needs only a Selzy API key, and its SKILL.md confines actions to Selzy API calls made with explicit user confirmation. However, the package has no clear source or homepage, and it recommends adding the key to a global config, both of which reduce confidence.
Guidance
This skill appears to do what it claims and only asks for a Selzy API key, but exercise normal caution before installing an instruction-only skill from an unknown source. Before use:
(1) Prefer creating a restricted/test Selzy API key (if Selzy supports scopes/limits) and test against a small test list rather than real customers.
(2) Do not allow autonomous, unconfirmed sends; require the agent to ask for explicit confirmation before createCampaign/sendCampaign.
(3) If possible, avoid placing the API key in a global config file accessible to all skills; store it in a per-skill or least-privilege secret store and rotate the key after testing.
(4) Verify the skill's provenance if you need higher assurance (author, homepage, or repo).
(5) Follow the skill's safety checklist (call getLists, verify list_id and count) to avoid accidental single-recipient sends or account rate-limit/bans.

Review Dimensions

Purpose & Capability
ok
The name/description (Selzy email campaigns, contacts, templates, stats) align with the declared requirement (SELZY_API_KEY), and the instructions only reference Selzy API endpoints. Minor transparency issue: metadata lists source/homepage as unknown/none, and the README states the skill is "already installed globally," which is plausible but reduces provenance confidence.
Instruction Scope
ok
SKILL.md and README confine runtime actions to Selzy's REST API (getLists, createEmailMessage, createCampaign, etc.), emphasize safety checks (always call getLists, verify list_id/contact count, explicit user confirmation) and rate limiting. The instructions do not ask the agent to read unrelated files, other environment variables, or send data to third-party endpoints outside Selzy. One caveat: the docs assert the skill "does not expose API key in logs"; that is a behavioral claim the platform/runtime must enforce, since the instruction file itself cannot guarantee log handling.
Install Mechanism
ok
No install spec and no code files beyond documentation (instruction-only). This is the lowest-risk install model: nothing is downloaded or executed by the skill itself.
Credentials
ok
Only a single env var (SELZY_API_KEY) is required, which is appropriate for a REST API integration. Note: the README suggests adding the API key to a global OpenClaw config (~/.openclaw/openclaw.json), which would expose the key to any other skill/process with access to that config; consider storing keys with least privilege or using per-skill scoped secrets if supported.
Persistence & Privilege
ok
The always flag is false and the skill is user-invocable; the skill can be invoked autonomously (platform default), which is expected for skills. Because the skill can create/send campaigns, ensure the agent is configured to require explicit confirmation before sends (the SKILL.md mandates this). There's no request to change other skills' configs or system-wide settings.