ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

B2B SDR Agent

v3.6.0

Open-source B2B AI SDR template. 7-layer context system with 10-stage sales pipeline, 4-layer anti-amnesia memory, 13 automated cron jobs, WhatsApp IP isolat...

1· 289·1 current·1 all-time
by@ipythoning

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ipythoning/b2b-sdr-agent.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "B2B SDR Agent" (ipythoning/b2b-sdr-agent) from ClawHub.
Skill page: https://clawhub.ai/ipythoning/b2b-sdr-agent
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install b2b-sdr-agent

ClawHub CLI

Package manager switcher

npx clawhub@latest install b2b-sdr-agent
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md describes a B2B SDR agent (OpenClaw integration, multi-channel outreach, memory stack). However the repository includes deployment scripts (deploy/*.sh, install.sh), ip-isolate.sh (Cloudflare WARP / wireproxy logic), MemOS/ChromaDB integration code, and auto-install instructions (Python, graphify) that would require credentials and system/network privileges. The registry metadata declares no required env vars or binaries, which is inconsistent with the documented requirements (MEMOS_API_KEY, AI model keys, WEBHOOK_SECRET, Cloudflare/WARP credentials, Gmail/Google credentials for mailbox scanning). These additional requirements are plausible for the described product, but they are not declared up-front — that's an incoherence the user should be aware of.
!
Instruction Scope
SKILL.md + ANTI-AMNESIA.md instruct the agent to: inject structured memory into the System Prompt, run post-conversation hooks or minute-level cron jobs, read and write MemOS via an API key (explicit code sample), store per-turn data into ChromaDB, trigger proactive compaction when tokens exceed thresholds, and run deployment scripts that auto-upload local skills and install packages. Documentation also references scanning Gmail and enabling webhook ingress. These instructions access and transmit potentially sensitive user data to external services, modify prompt/system context automatically, and run recurring background jobs — all beyond a simple 'instruction-only' helper. The docs include explicit automation of system-prompt injection and cron-based processing, which increases the risk surface.
!
Install Mechanism
Although declared as instruction-only (no install spec in registry), the repo contains multiple shell scripts (deploy/deploy.sh, install.sh, ip-isolate.sh, skills/*/deliver.sh) and JS modules that the deploy process will run. The changelog and README state deploy.sh auto-installs Python and third-party packages (graphify) and auto-uploads local skills. Running those scripts can write files, install software, and modify the OpenClaw workspace/gateway — effectively acting as an installer. There is no single trusted-release-url install mechanism in the registry metadata and no declaration of what the deploy scripts will do to the host, so executing them without review is risky.
!
Credentials
Registry metadata lists no required env vars, but repository docs and code explicitly reference multiple secrets and env vars: MEMOS_API_KEY, MEMOS_NAMESPACE, CHROMA_COLLECTION, WEBHOOK_SECRET (for webhook ingress), AI provider keys (OpenAI/Anthropic/Google), Cloudflare WARP/WireProxy credentials, and implied Gmail/Google credentials for mailbox scanning. This is a disproportionate set of credentials given the registry declaration. Several environment variables named in docs would grant broad access to external systems and stored customer data; they should be explicitly declared and justified before installation.
Persistence & Privilege
The skill is not marked always:true and can be user-invoked (normal). However deploy scripts claim to auto-upload and enable many local skills and to configure webhook endpoints and cron jobs. That means installing/running the repo can create persistent automation (scheduled jobs, webhooks, gateway endpoints) and modify workspace configuration. This persistent presence is plausible for a production SDR agent but requires explicit admin review and controlled secrets/allowlists before enabling.
Scan Findings in Context
[ignore-previous-instructions] unexpected: Pattern flagged in SKILL.md/ANTI-AMNESIA prompts. The repo does instruct injection of memory into system prompts and automated hooks; however a literal 'ignore previous instructions' injection pattern is suspicious for prompt-injection attempts and should be reviewed closely.
[system-prompt-override] expected: The skill explicitly instructs adding a dynamic 'Customer Memory Snapshot' into the System Prompt at conversation start (memory injection). That behavior explains the presence of this pattern, but automatic system-prompt injection is a high-impact action and should be approved/controlled by operators.
What to consider before installing
Do not run the deploy/install scripts or give secrets to this skill until you perform a manual audit. Actionable checks: - Verify what deploy.sh and install.sh will do: open the scripts and review every external network call, package install, and file-write. Run them only in an isolated VM or container. - Inventory required secrets: the repo references MEMOS_API_KEY, AI provider keys, WEBHOOK_SECRET, Cloudflare/WARP credentials, and implied Gmail access. Ask the publisher to list required env vars in registry metadata; do not provide high-privilege credentials (owner/root, primary Gmail) — create scoped service accounts with least privilege. - Review ip-isolate.sh carefully: wireproxy / WARP setup will change network routing and requires provider keys; ensure you trust the WARP account and understand tenant isolation design. - Audit data flows: the skill stores per-turn conversation data in external services (MemOS, ChromaDB). Confirm retention, encryption, and access controls meet your privacy/compliance needs. - Treat automatic system-prompt injection, cron jobs, and webhook endpoints as sensitive: require manual human approval before enabling cron/webhook ingress or automatic prompt modifications. - If unsure, run the code in an ephemeral sandbox (container) with no real secrets and monitor outbound connections before deploying to production. If you want, I can highlight specific lines in deploy scripts and the ANTI-AMNESIA/Memory API code that you should review first.
!
ANTI-AMNESIA.md:147
Prompt-injection style instruction pattern detected.
!
workspace/SOUL.md:59
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk9764pr2vc3rbmad0tvggzpszn84fq5n
289downloads
1stars
8versions
Updated 2w ago
v3.6.0
MIT-0
@ipythoning
latest
Download

B2B SDR Agent — AI Sales Development Representative

Turn any B2B export business into an AI-powered sales machine. Full-stack SDR that handles lead capture → qualification → follow-up → quoting → closing across WhatsApp, Telegram, and email.

7-Layer Context System

LayerFilePurpose
IdentityIDENTITY.mdCompany name, role, product catalog
SoulSOUL.mdPersonality, values, communication rules
WorkflowAGENTS.md10-stage sales pipeline with stage gates
UserUSER.mdOwner profile, ICP scoring, admin whitelist
HeartbeatHEARTBEAT.md13-item pipeline inspection (cron)
MemoryMEMORY.md4-layer anti-amnesia protocol
ToolsTOOLS.mdCRM, channels, integrations

Key Features

  • 10-Stage Sales Pipeline: Cold Lead → Engaged → Qualified → Proposal → Negotiation → Closed
  • 4-Layer Memory: L1 pinned context, L2 session KV, L3 vector search, L4 CRM snapshots
  • 13 Cron Jobs: Auto heartbeat, follow-up reminders, lead scoring, pipeline reports
  • Multi-Channel: WhatsApp, Telegram, Email — with channel-specific strategies
  • WhatsApp IP Isolation: Per-tenant Cloudflare WARP proxy for multi-tenant deployments
  • Human-Like Conversations: SDR humanizer skill for natural, trust-building messages
  • Operator Bilingual Mode (opt-in): English to customers + Chinese self-chat sync for non-English operators, enable via operator_bilingual: true in IDENTITY.md

Deploy

# One-click deploy
cp deploy/config.sh.example deploy/config.sh
# Edit config.sh with your server, API keys, and channel settings
./deploy/deploy.sh your-client-name

IP Isolation (Multi-Tenant)

Each tenant gets a unique Cloudflare exit IP so WhatsApp sees independent devices:

./deploy/ip-isolate.sh tenant-name

Architecture: tenant → wireproxy (SOCKS5, ~4MB) → WARP account → unique Cloudflare IP

Skills Included

  • sdr-humanizer — Human-like conversation rules
  • delivery-queue — Async message delivery with retry
  • lead-discovery — AI-driven lead search and ICP scoring
  • quotation-generator — PDF proforma invoice generation
  • chroma-memory — Per-turn conversation memory with ChromaDB
  • telegram-toolkit — Telegram-specific SDR strategies
  • graphify — Knowledge graph for product catalog, customer intelligence, and market research

Requirements

  • Linux server (Ubuntu 20.04+)
  • Node.js 18+
  • AI model API key (OpenAI, Anthropic, Google, etc.)
  • OpenClaw gateway

Links

Comments

Loading comments...