ClawHub
Back to skill
v1.0.0

Outbound Prospecting Workflow

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:40 AM.

Analysis

This is a coherent instruction-only prospecting workflow that searches public web sources and drafts, but does not send, outreach emails.

GuidanceThis skill appears safe to use for drafting only. Before installing, make sure you are comfortable with the agent searching public web sources for company and contact information, and review both the gathered facts and any local memory instructions before using the drafted email.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
SKILL.md
Use `web_search` to find the company's official website... Use `web_fetch` on key pages... `site:linkedin.com [Company Name] CEO`

The skill relies on external web search and fetching public pages, including searches for company personnel. This is disclosed and directly aligned with the prospecting purpose.

User impactThe agent may collect public company facts and public names/titles to help draft an outreach email.
RecommendationUse it with a specific intended target company, review the gathered facts for accuracy, and keep the final email under human control.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceMediumStatusNote
SKILL.md
It follows the "Overseer Baseline" from MEMORY.md, operating in copilot mode only.

The skill points to stored instructions outside the visible SKILL.md. The visible text frames this as a copilot-only constraint, so this is a notice rather than a concern.

User impactIf the local MEMORY.md contains broader or conflicting instructions, it could influence how the workflow is interpreted.
RecommendationReview any local or workspace memory instructions and preserve the explicit no-send, human-review boundary.