ClawHub

DELLIGHT CRO Revenue Operations

v1.0.0

Automation skill for DELLIGHT CRO Revenue Operations.

0· 689·0 current·0 all-time
byDELLIGHT@arthurelgindell
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md content, and the provided roi_calculator.py align with a CRO/revenue-ops automation skill. The skill does not request unrelated credentials or binaries. However, SKILL.md instructs running scripts/pipeline_tracker.py and scripts/revenue_forecast.py which are not present in the file manifest — this is an unexplained gap.
!
Instruction Scope
SKILL.md stays within CRO/revenue scope (pipeline, pricing, ROI). It does not instruct the agent to read system files, environment variables, or post to unknown endpoints. The concerning part is the explicit instructions to run two scripts that are not included (pipeline_tracker.py and revenue_forecast.py). If the agent or integrator attempted to fetch or execute those absent scripts at runtime, that could expand the attack surface; as-is the missing files are an operational/integrity issue.
Install Mechanism
No install spec (instruction-only plus a small included script). That limits disk-writing/remote-code risks. The single included Python script is local, small, and contains no network or exec calls.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate to the described functionality and to the included roi_calculator.py.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not ask for permanent presence or to modify other skills. No additional privilege requests are present.
What to consider before installing
This package mostly looks like a legitimate CRO operations aid: the included roi_calculator.py is simple and safe to run locally. However, SKILL.md tells the agent to run two other scripts (scripts/pipeline_tracker.py and scripts/revenue_forecast.py) that are not included — that mismatch is the main red flag. Before installing or enabling this skill: 1) Ask the publisher for the missing scripts (or the full, canonical source). 2) Inspect any missing scripts for network calls, credential access, or obfuscated logic before running them. 3) If you must test now, run the included roi_calculator.py in an isolated environment (no network) to verify behavior. 4) If you enable autonomous invocation, be cautious: missing or remotely-fetched components could change the skill's behavior at runtime. If the publisher cannot justify or supply the absent files, treat the skill as incomplete and avoid using it in production.

Like a lobster shell, security has layers — review code before you run it.

c-suitevk97edfvs2d9gbj9peev7vvje7n815weadellightvk97edfvs2d9gbj9peev7vvje7n815wealatestvk97edfvs2d9gbj9peev7vvje7n815wearevenuevk97edfvs2d9gbj9peev7vvje7n815wea

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments