ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Outclaw Style

v1.0.5

Learn the user's writing style per outreach channel (email, LinkedIn, Twitter/X, WhatsApp, Slack, SMS, Discord, Telegram — whatever is connected for this ten...

0· 31·1 current·1 all-time
by@milstan

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for milstan/outclaw-style.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Outclaw Style" (milstan/outclaw-style) from ClawHub.
Skill page: https://clawhub.ai/milstan/outclaw-style
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install milstan/outclaw-style

ClawHub CLI

Package manager switcher

npx clawhub@latest install outclaw-style
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description align with the actions described: collecting outbound messages per channel, analyzing them, and saving per-channel style prompts. However, the SKILL.md references many external channel connectors (gmail/gog, linkedin-cli, slack-mcp-server, whatsapp-mcp-ts, telegram-mcp, discord-mcp, mac_messages_mcp, XActions/xurl, etc.) and local helper scripts (scripts/message_classifier.py, scripts/style_evaluator.py) that are not declared in the skill's requirements or provided in the bundle. Expectation that the agent/environment already has these connectors and scripts is plausible, but the skill should declare or bundle those dependencies; the omission is an incoherence the user should understand before installing.
!
Instruction Scope
Instructions explicitly direct the agent to read private outbound messages across many platforms and persist raw samples and learned prompts to disk and tenant memory. The SKILL.md also contains a contradiction: references/style-learning.md includes a 'User Confirmation' stage (present examples and get approval) while SKILL.md states the skill is auto-invoked silently by outclaw-plan (no user prompt) and will train one channel without user interaction. That discrepancy matters because the skill will collect and store sensitive communications; it's unclear whether and when users see or approve those samples. Additionally, the skill writes raw samples to kb/raw/ and to ~/.openclaw/outclaw/styles, which is consistent with training, but raises privacy/access questions that are not handled in the instructions.
Install Mechanism
This is an instruction-only skill with no install spec (lowest install risk). That said, it references local scripts (scripts/message_classifier.py, scripts/style_evaluator.py) and various external CLIs/agents that are not included. The lack of an install mechanism or declared dependencies is a gap — the runtime will fail or behave unpredictably unless those tools exist in the environment.
!
Credentials
The skill requests no environment variables or credentials in its metadata, yet its operational steps require access to many external services (Gmail, LinkedIn, Slack, WhatsApp, Telegram, Discord, SMS/iMessage, Bluesky, Twitter/X). Accessing those sources realistically requires API tokens, OAuth credentials, or platform connectors. The absence of declared required credentials or an explicit statement that separate connector skills manage them is an inconsistency. Also, the skill writes sensitive message contents to local files and tenant memory — this level of access is proportionate to the stated purpose but should be explicit so users can consent and secure credentials appropriately.
!
Persistence & Privilege
The skill persists learned prompts under ~/.openclaw/outclaw/styles/<tenant>/<channel>_style.md and stores raw samples under kb/raw/. It also writes memory entries (style_trained_<channel>, observations). Persistence and memory writes are consistent with training behaviour, but combined with silent auto-invocation (when called by outclaw-plan) this gives the skill the ability to read and store private messages without an interactive user prompt. 'always' is false (good), but the silent auto-run + storage of raw messages is a privacy/privilege concern that should be explicitly consented to and auditable.
What to consider before installing
Before installing or enabling this skill, check the following: 1) Dependencies and environment: Confirm where scripts/message_classifier.py and scripts/style_evaluator.py and the various channel connectors live. This skill expects local CLIs/agents (gmail 'gog', linkedin-cli, slack-mcp-server, whatsapp-mcp-ts, telegram-mcp, discord-mcp, mac_messages_mcp, XActions/xurl, bsky-mcp-server). If those are not present and managed by separate connector skills, the skill will fail or behave unexpectedly. Require that the skill metadata declare these dependencies. 2) Credentials and consent: The skill will access outbound messages across many platforms and persist raw messages to disk and memory. Ensure you (or your tenant admin) explicitly consent to that data access and that the required API tokens/connector credentials are provisioned and limited. If you don't want the skill to read certain message stores, do not grant those connectors. 3) User confirmation vs silent runs: Clarify whether the skill will present collected samples for user approval before training. The documentation contains a 'User Confirmation' step but SKILL.md also describes silent auto-invocation. If you require explicit approval before any message extraction or storage, require a policy change or configuration that disables silent auto-training. 4) Storage, retention, and protection: Verify where raw samples and style files are written (kb/raw/ and ~/.openclaw/outclaw/styles). Confirm file permissions, encryption-at-rest, retention policy, and whether tenant memory entries are accessible to other skills/agents. If these outputs contain sensitive PII, ensure they are protected or that you opt out. 5) Test in a sandbox: Run the skill first on a test tenant or with a limited account that has only non-sensitive test messages to confirm behavior, outputs, and logs. 6) Auditability: Ensure the platform logs when the skill is auto-invoked, what channels were accessed, and who approved access. If silent auto-invoke is unacceptable, require explicit user interaction or an admin override. If you cannot verify the above (where the helper scripts live, what connectors/permissions are used, and how stored data is protected), do not enable the skill in a production tenant. Addressing these gaps (declare dependencies/credentials, reconcile the confirmation flow, and add privacy/retention controls) would reduce the concerns identified.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎨 Clawdis
latestvk971ca46z6r3f8bmqtb5nvfts985f9xj
31downloads
0stars
6versions
Updated 3m ago
v1.0.5
MIT-0
@milstan
latest
Download

OutClaw — Style

Learns a per-channel style prompt for the current tenant and persists it at ~/.openclaw/outclaw/styles/<tenant>/<channel>_style.md. Each style prompt is what outclaw-plan uses to draft messages on that channel.

Resolver mandate

Before writing styles, memory entries, or any KB update, read shared/references/RESOLVER.md. Styles go in styles/<tenant>/<channel>_style.md. NEVER hand-craft a different path. A trained-style summary goes to tenant memory as type=user, key=style_trained_<channel> so outclaw-plan can find it quickly without re-reading the style file.

When this skill runs

  1. Explicit user requestlearn my style, retrain style for email.
  2. Auto-invoked, silent — when outclaw-plan builds a plan that includes a channel with no learned style for this tenant, it invokes this skill for that one channel, waits for completion, then continues. No user prompt. No interruption.

Prompt Learning Protocol (implements the user's gist)

The gist at https://gist.github.com/milstan/3b12f938f344f4ae1f511dd19e56adce prescribes:

  1. Sample collection — gather ≥20 outbound messages per channel (or ≥1 000 words / ≥10 pairs, whichever floor is higher). If fewer are available, work with what you find; mark confidence accordingly. Do not fabricate samples.
  2. Analysis — a thinking model identifies dimensions of quality, structural/stylistic patterns, anti-patterns the samples avoid.
  3. Candidate prompt — direct, actionable instructions ("Write sentences that average 12-18 words"), target 500-2 000 words, with an explicit Avoid section.
  4. Iteration loop (5 cycles default) per channel:
    • Generate test output with moderate temperature (0.6-0.8)
    • Evaluate against dimensions (0-100 LLM judgments)
    • Track best-of-N
    • Refine (lower temperature 0.2-0.4, focus on lowest-scoring dimensions)
  5. Output: learned prompt + best score + iteration number + dimensions
    • conformity log. Save to ~/.openclaw/outclaw/styles/<tenant>/<channel>_style.md with YAML frontmatter (tenant, channel, trained_at, sample_count, best_score, best_iteration, dimensions).

See references/style-learning.md for the detailed steps and agents/style-learner.md for the delegated sub-agent spec.

Per-channel sources (which tools to use)

For each channel we care about, list where outbound samples can be read from. The agent picks only channels this tenant has ready in the capability map (capabilities/<tenant>.json).

ChannelSample source
Gmailgog gmail messages search "from:me" --max 50
LinkedInlinkedin-cli posts --author me --max 50 (if connected) or export
Twitter/XXActions or direct API via xurl
Slackslack-mcp-server message history where sender=me
WhatsAppwhatsapp-mcp-ts conversation export, filter author=me
Telegramtelegram-mcp sent messages
Discorddiscord-mcp messages where author=me
iMessage/SMSmac_messages_mcp sent messages
Blueskybsky-mcp-server user posts

Flow

  1. Pick channels — from memory tool_inventory, enumerate channels that have a ready plugin AND a sample source. Skip channels with no connected plugin entirely (no point training).

  2. For each selected channel, run a sub-task: a. Pull outbound samples via the channel's plugin. Write raw samples to kb/raw/style-<tenant>-<channel>-<ts>.jsonl (NOT into the KB's people/orgs — this is training data, filed under raw/). b. If the sample count is <20 or <1 000 words, log a memory observation and proceed anyway: {type: observation, key: "style_thin_<channel>", insight: "only <N> samples — learned prompt confidence will be lower", source: "observed", confidence: 6}. c. Two-stage classify: heuristic pre-filter (outbound, non-trivial length, not auto-reply) → LLM OUTREACH_COLD/FOLLOWUP/WARM vs. NOT_OUTREACH (see scripts/message_classifier.py). d. Run the 5-iteration Prompt Learning Protocol (scripts/style_evaluator.py). e. Write the learned style to ~/.openclaw/outclaw/styles/<tenant>/<channel>_style.md. f. Log: {type: user, key: "style_trained_<channel>", insight: "<channel> style trained; score <N>/100; <K> samples", source: "observed", confidence: <N/10>}.

  3. If auto-invoked (from outclaw-plan): do ONE channel (the one requested), silent, then return to the caller. NEVER ask the user for "preferred tone" or "desired format" — the whole point of this skill is that we infer style from samples. If a channel has no outbound samples at all (e.g. user just connected Discord today), log an observation: {type: observation, key: "style_nosamples_<channel>", insight: "no outbound samples on <channel>; using neutral template", source: "observed", confidence: 6} and emit a minimal neutral template at styles/<tenant>/<channel>_style.md with sample_count: 0, best_score: null, and a generic "direct, concise, warm-professional" prompt. Return to caller.

  4. If user-invoked: show a compact report — which channels were trained, best score each, sample count, confidence.

Filing rules (RESOLVER-compliant)

  • Style prompt: styles/<tenant>/<channel>_style.md — NEVER kb/styles/*, NEVER kb/me/styles/*.
  • Raw outbound samples (the training data): kb/raw/style-<tenant>-<channel>-<ts>.jsonl.
  • Summary for fast lookup: tenant memory, type=user, key=style_trained_<channel>.
  • Do NOT put learned styles in kb/me/self.md — voice description there is for context, the style prompt lives separately.

Consent

Sample collection is a one-time opt-in, captured during outclaw-setup Step 2 as a memory preference entry. If no consent entry exists when this skill runs:

  • Explicit invocation: ask once, record the decision.
  • Auto-invocation from plan: proceed only if the tenant has an opt-in style_consent entry. If missing, log an observation and fall back to a neutral template style. Never silently scrape without consent.

Output format (style prompt file)

---
tenant: outclaw
channel: gmail
trained_at: 2026-04-22T12:00:00Z
sample_count: 42
best_score: 82
best_iteration: 3
dimensions: [sentence_length, formality, personalization, cta_style, structure, tone, greeting_pattern, signoff_pattern]
conformity_log:
  - {iter: 1, score: 64}
  - {iter: 2, score: 71}
  - {iter: 3, score: 82}
  - {iter: 4, score: 80}
  - {iter: 5, score: 78}
---

# Gmail style — outclaw (tenant)

## Instructions
<the learned prompt — 500-2000 words, direct + actionable>

## Avoid
- <anti-pattern 1>
- <anti-pattern 2>

## Reference samples
- <path>/raw/style-outclaw-gmail-<ts>.jsonl (not included verbatim here;
  pointer only)

This format lets outclaw-plan parse the "Instructions" section directly into the draft-generation prompt.

Comments

Loading comments...