ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Real-Time Sales Coach

v1.0.0

Real-time sales coaching during live meetings — objection handling, talking points, buying signals, negotiation tactics. Draws from SPIN Selling, Challenger...

0· 64·1 current·1 all-time
by@shawnshenopeninterx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description (real-time sales coaching) match the instructions: detecting buying signals, offering short coaching cards, and using sales frameworks. References to HubSpot, email threads, prior meeting notes, and public research are reasonable sources for this purpose.
Instruction Scope
SKILL.md directs the agent to load live transcript chunks and external context (HubSpot deal/contact info, Outlook email threads, Fathom notes, web research) and to generate concise coaching cards — all within the claimed scope. However the instructions are broad about which data to pull and where to store/send post-meeting reports (no explicit destinations or retention rules), giving the agent latitude to read sensitive data and produce downstream summaries; that should be confirmed with the platform's connector/auth model and with the user.
Install Mechanism
This is instruction-only with no install spec or code to download. That minimizes installation risk — nothing will be written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials, yet the runtime instructions assume access to HubSpot, Outlook, Fathom, and meeting transcripts. Access to CRM and email is proportionate to the skill's purpose, but the absence of declared credentials/config is a gap: confirm how the agent will obtain these connectors and limit scopes (read-only, per-deal access) to avoid overexposure of email/CRM data.
Persistence & Privilege
No 'always:true' or other elevated persistence is requested. The skill does not declare modifying other skills or system-wide settings. It does imply per-meeting reporting, but does not request extraordinary system privileges.
Assessment
This skill appears to do what it says — live sales coaching using CRM, email, and meeting transcripts — but exercise caution before enabling it. Key checks: (1) Source and provenance: the skill has no homepage and an unknown source — prefer reviewed/known authors. (2) Data access: confirm how HubSpot/Outlook/Fathom connectors are authorized and that scopes are minimal (read-only, limited to relevant deals/threads). (3) Data handling and retention: ask where coaching outputs and post-meeting MEDDIC reports are stored, who can read them, and how long they're retained. (4) Compliance: verify this usage is allowed for any PII or confidential customer data in your org. (5) Test in staging: try with non-sensitive meetings first and review logs/audit trails. If you cannot confirm connectors, storage, and access scopes, treat this skill as higher-risk and do not enable it for sensitive meetings.

Like a lobster shell, security has layers — review code before you run it.

latestvk97858bbb7z57efsy6tfz3kw9s83mp2c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments