CEO Xiaomao (小茂) Capability Pack
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent outreach automation bundle, but it can use business email, WhatsApp, and AI-agent credentials to send messages automatically with limited approval and scoping safeguards.
Install only if you are comfortable giving this bundle access to your business email, WhatsApp/Green API, and OneABC credentials. Start with test accounts and small recipient lists, verify all service URLs, review generated messages before enabling auto-reply, and keep the workspace state files in a private location.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with real WhatsApp credentials, the skill may send AI-generated business messages or product files to customers or newly discovered contacts without the user reviewing each message.
The assistant is designed to automatically monitor WhatsApp contacts and send replies/files, which is high-impact outbound communication without visible per-message approval or recipient scoping.
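WhatsApp fully automated order follow-up, enhanced edition ... 3. 📄 Send product catalog PDF ... 7. 🔍 Automatically discover new contacts → proactively start monitoring them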
Use a test account first, add explicit contact allowlists, dry-run/preview mode, send limits, and human approval before enabling unattended replies or file sending.
Customer messages or image context could be processed by an unknown agent configuration, and that agent's output may drive external WhatsApp replies.
Customer-derived prompts are passed to a configurable OpenClaw agent, but the artifacts do not define that agent's identity, tools, data boundaries, or validation before replies may be sent onward.
[openclaw_bin, 'agent', '--agent', AI_AGENT, '--message', prompt_text, '--timeout', '25']
Bind this workflow only to a reviewed, least-privilege agent; sanitize untrusted customer input; log prompts/outputs; and require approval before sending generated replies.
Compromise or misuse of these credentials could send messages, emails, or model requests under the user's business accounts.
These environment variables grant access to email, model API, and WhatsApp/Green API accounts. This is expected for the stated integrations, but it is sensitive authority.
`MAIL_ACCOUNT`, `MAIL_CREDENTIAL`; `ONEABC_ACCESS_CREDENTIAL`; `GREEN_API_URL`, `GREEN_API_INSTANCE_ID`, `GREEN_API_CREDENTIAL`
Use dedicated accounts or app-specific tokens, keep credentials out of files, verify service URLs, rotate tokens, and limit account permissions where possible.
Customer/contact data and assistant state can remain on disk and be reused in later sessions.
The workspace initializer creates persistent state files for customer lists, notifications, and reply state.
'.known_customers.json' ... '.boss_notifications.json' ... '.auto_state_v3.json'
Store the workspace in a protected directory, periodically review/delete state files, and avoid placing sensitive customer data in shared folders.
Users may need to install local dependencies manually, and there is less provenance assurance for the included automation code.
The bundle includes runnable scripts but no install specification, dependency pinning, or source provenance.
Source: unknown ... No install spec — this is an instruction-only skill.
Review the scripts before use and install dependencies from trusted, pinned sources in an isolated environment.
