ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Monetization Pipeline

v1.0.0

Designs and runs safe monetization workflows (lead research, outreach drafts, content-to-offer loops, reporting) using OpenClaw + n8n + communication channel...

1· 123·0 current·0 all-time
by@utromaya-code

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for utromaya-code/monetization-ai.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Monetization Pipeline" (utromaya-code/monetization-ai) from ClawHub.
Skill page: https://clawhub.ai/utromaya-code/monetization-ai
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install monetization-ai

ClawHub CLI

Package manager switcher

npx clawhub@latest install monetization-ai
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description describe lead discovery, outreach, and integrations with n8n/Telegram/Docs/Notion/Sheets. That purpose legitimately needs credentials and connector configuration (SMTP/API tokens, Telegram bot token, n8n webhook/API key, CRM/Notion/Sheets APIs). The skill declares no required env vars, binaries, or config paths, which is inconsistent: either the skill assumes pre-configured connectors (not documented) or it omits necessary access requirements. This omission reduces transparency about what the skill will need at runtime.
!
Instruction Scope
The SKILL.md instructs the agent to find leads (scraping/searching), generate outreach, send messages across email/chat/social, and move responses into CRMs/Notion/Sheets. Those are within the stated purpose, but they are potentially high-impact actions (sending outbound messages, scraping contact data). The file does include safety guardrails (require explicit confirmation for monetary actions, rate-limit outreach, audit trail), but it is vague about how approvals are to be obtained and how outbound channels are authenticated and throttled. It also references Telegram as command/control which could enable remote triggers if not tightly scoped.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That keeps filesystem/write risk low. There are no downloaded artifacts or third-party packages to evaluate.
!
Credentials
The SKILL.md clearly expects use of external services that require secrets (Telegram bot token, n8n credentials, email/SMTP or social API tokens, CRM/Notion/Sheets keys), yet requires.env and primary credential are empty. Requiring no credentials is disproportionate to the described functionality and reduces transparency: installers cannot easily audit what secrets the agent will need or how they will be used. The skill also does not document required scopes, least-privilege practices, or where to store tokens.
Persistence & Privilege
The skill does not request always:true and does not request modifying other skills or system-wide settings. It appears to be an on-demand instruction set. The default ability for the agent to invoke the skill autonomously (disable-model-invocation: false) is platform normal; combined with outbound messaging it increases potential impact but is not itself a misconfiguration in the skill metadata.
What to consider before installing
Before installing, get clarity from the publisher and require documentation of exactly which connectors and credentials the skill expects (Telegram bot token, n8n API key, email/SMTP or social API tokens, CRM/Notion/Sheets credentials). If you plan to use it: 1) provision dedicated, least-privilege API keys or service accounts and avoid reusing high-privilege tokens; 2) test in a sandbox account with rate limits and monitored audit logs; 3) require explicit human approval flows (the skill mentions a CONFIRM MONEY ACTION phrase — ensure the platform enforces this before any payment-related API calls); 4) confirm how Telegram command/control is scoped and lock it to trusted users; 5) prefer ephemeral or revocable tokens and document retention/rotation; and 6) avoid enabling autonomous invocation until you can verify the connectors and guardrails in a controlled test. If the publisher cannot provide a source repository or clearer credential/scope requirements, consider the skill suspicious and do not install it in production environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk97596djg3359szqqp8qhks3q183dxaj
123downloads
1stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@utromaya-code
latest
Download

Monetization Pipeline

Goal

Turn agent activity into measurable revenue using controlled workflows.

Core Pipelines

  1. Lead Discovery
    • Find niche leads (web, communities, directories)
    • Normalize into a structured table (name, channel, need, priority)
  2. Offer Packaging
    • Generate tailored offer text and pricing options
    • Prepare concise outreach drafts
  3. Outreach Execution
    • Send only approved messages (email/chat/social)
    • Track replies and follow-ups
  4. Conversion Tracking
    • Move responses into CRM/Notion/Sheet
    • Weekly conversion report

Recommended Stack

  • OpenClaw for reasoning/orchestration
  • n8n for integrations and scheduled jobs
  • Telegram for command/control
  • Docs/Sheets/Notion for pipeline visibility

Safety Policy (Critical)

Never execute financial actions without explicit confirmation:

  • No transfers
  • No exchange orders
  • No card/payments
  • No irreversible account actions

Before any money-impacting action, require:

  1. Clear action summary
  2. Amount + destination
  3. User confirmation phrase: CONFIRM MONEY ACTION

Daily Command Set

  • run lead scan <niche>
  • draft 10 outreach messages for <offer>
  • show conversion report
  • prepare follow-ups for stale leads

Output Format

## Revenue Ops Snapshot
- Leads found: <n>
- Qualified: <n>
- Outreach sent: <n>
- Replies: <n>
- Estimated pipeline value: <amount>

## Highest-Leverage Action
- <single next action>

n8n Handoff Spec

For each workflow, define:

  • trigger
  • inputs schema
  • steps
  • output schema
  • retry policy
  • alert channel

Keep all workflows idempotent where possible.

Guardrails

  • No cold spam bursts; rate-limit outreach.
  • Respect platform rules and legal constraints.
  • Keep an audit trail for every outbound action.

Comments

Loading comments...