Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Email Campaign Management

v1.0.0

Complete workflow for email marketing campaigns with conversion tracking and trial activation. Use when (1) Creating email campaigns, (2) Sending campaign em...

by Toby Morning (@urbantech)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (email campaigns, tracking, trial activation) aligns with the actions in SKILL.md: building SQL schema, sending email via Resend, tracking clicks, and activating trials. Requiring a Resend API and DB access is expected for this purpose. However, the skill fails to declare any required environment variables or configuration for the Resend API key or database connections, which is inconsistent with its functionality.
Instruction Scope
SKILL.md instructs executing SQL (SELECT, INSERT, UPDATE) against users/subscriptions tables and performing trial activations (writing tier/status/trial_ends_at). It also contains runnable Python examples that read RESEND_API_KEY and call external API endpoints. These instructions direct reads and sensitive writes to a database and calls to an external service; the doc offers no guardrails (no mention of targeting a staging DB, transactional safety, idempotency checks, or explicit consent). That broad filesystem/DB/write scope is significant and not constrained by the skill metadata.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes installation risk because nothing is downloaded or written to disk by an installer.
Credentials
The SKILL.md references RESEND_API_KEY (via os.getenv) and implicitly requires DB connection/cursor/credentials for cur.execute, but requires.env and primary credential fields are empty. This mismatch is disproportionate: the skill needs secrets (API key and DB credentials) to function but asks for none in metadata. That omission prevents proper least-privilege review and may cause a user to unknowingly grant broad credentials to the agent.
Persistence & Privilege
always is false and autonomous invocation is allowed (default). Autonomous execution combined with instructions that perform database writes and external API calls increases potential impact, but autonomous invocation alone is normal. Still, because the skill performs privileged operations in its instructions, administrators should be cautious about allowing it to run without manual oversight.
What to consider before installing
This skill appears to do what it says (send emails, track clicks, activate trials) but the SKILL.md expects an API key and direct database access while the skill metadata declares no required secrets; this is the main red flag. Before installing or enabling:
1. Ask the publisher to explicitly list required environment variables (RESEND_API_KEY, DB connection string/credentials) in the metadata.
2. Do not give it production DB credentials; test first in a staging environment with limited-scope credentials.
3. Ensure the RESEND_API_KEY is scoped/rotated and has rate limits applied.
4. Require human approval or code review before the skill performs writes that change subscriptions or activate trials.
5. Review all SQL for safety (injection, correct WHERE clauses, transactional semantics) and add logging/undo capability.
6. Prefer providing least-privilege, role-scoped DB accounts and a separate email-sending API key scoped to the campaign sender.
If the publisher cannot provide clear, matching metadata and safety controls, treat this skill as risky and avoid granting it access to sensitive credentials or production systems.



