← Back to Skills Marketplace
merjua14

Cold Email Engine

by merjua14 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
330
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install cold-email-engine
Description
Automated cold email outreach system with lead enrichment, personalized templates, drip sequences, and CAN-SPAM compliance. Use when building outbound sales...
README (SKILL.md)

Cold Email Engine

Automated outbound email pipeline: find leads → enrich contacts → send personalized emails → drip follow-ups.

Pipeline

  1. Source leads — from CSV, Google Sheets, API scraping, or manual input
  2. Enrich — find emails via website scraping, Hunter.io, or Apollo
  3. Personalize — variable substitution in templates ({name}, {company}, {pain_point})
  4. Send — via Resend, SendGrid, or raw SMTP with rate limiting
  5. Drip — automated follow-ups at day 3 and day 7
  6. Track — log all sends, bounces, replies to CSV/Sheets

Requirements

  • Email provider API key — Resend (RESEND_API_KEY), SendGrid, or SMTP credentials
  • Verified sending domain — with SPF, DKIM, DMARC configured
  • Lead source — CSV file, Google Sheet ID, or API endpoint

Quick Start

# Set environment
export RESEND_API_KEY=your_key

# Send from CSV
node scripts/cold-email-engine.js --source leads.csv --template templates/default.txt --from "Name \[email protected]>"

# Dry run (no emails sent)
node scripts/cold-email-engine.js --source leads.csv --template templates/default.txt --dry-run

# Run drip follow-ups
node scripts/cold-email-engine.js --drip --days 3

Configuration

Edit scripts/config.json:

  • maxPerDay: Daily send limit per domain (default: 25)
  • delayBetweenMs: Delay between emails in ms (default: 3000)
  • dripDays: Follow-up schedule [3, 7] days after initial send
  • suppressionFile: Path to suppression/unsubscribe list
  • trackingFile: Path to send log

Templates

Templates use {variable} syntax. Available variables:

  • {first_name}, {last_name}, {email}
  • {company}, {website}, {city}, {state}
  • {pain_point} — auto-generated from website analysis
  • {sender_name}, {sender_title}

Template Example

Subject: {company} — quick question

Hi {first_name},

I noticed {company} {pain_point}. We help businesses like yours 
fix that in under a week.

Would it make sense to chat for 10 minutes this week?

{sender_name}
{sender_title}

Compliance

  • CAN-SPAM: physical address in footer, unsubscribe mechanism
  • GDPR: only email businesses (B2B exemption), honor removal requests
  • Rate limits: 25/day per domain, 3-second delay between sends
  • Suppression list checked before every send

Scripts

  • scripts/cold-email-engine.js — Main send engine
  • scripts/enrich-leads.js — Email finder from websites/domains
  • scripts/config.json — Configuration

References

  • See references/deliverability.md for domain warmup and inbox placement
  • See references/templates.md for proven email templates by industry
Usage Guidance
This package is plausibly a working cold-email tool, but it contains several inconsistencies you should understand before installing: - The registry metadata claims no required env vars, but the scripts require RESEND_API_KEY or SENDGRID_API_KEY at runtime (and the README mentions SMTP). Expect to provide API keys if you run it. The skill should have declared those env vars but didn't. - SKILL.md advertises Google Sheets, Hunter.io/Apollo, and raw SMTP support; the included code only implements CSV input, website scraping for emails, and Resend/SendGrid sending. If you need Sheets or vendor integrations, they are not present. - The enrichment script fetches arbitrary public websites to extract emails. This is expected for enrichment, but be aware of legal and ethical considerations (website scraping rules, terms of service, and privacy laws). Do not run it against harvested/purchased consumer lists or where scraping is prohibited. - The tool writes local files (suppression list, send log). Review those files and the code so you know what is stored locally. Run with --dry-run first to confirm behavior. - Verify any API keys you provide are scoped appropriately and rotate them after testing. Prefer using a dedicated sending account/domain you control, and ensure SPF/DKIM/DMARC are configured as advised. What would raise confidence: updated registry metadata declaring required env vars, removal or clear labeling of unimplemented features in SKILL.md (or addition of Sheets/Hunter/APIs in code), and explicit rate-limit, retry, and consent-enforcement code for compliance. If you want, I can list the exact lines to change or produce a minimal checklist to safely test this skill in an isolated environment.
Capability Analysis
Type: OpenClaw Skill Name: cold-email-engine Version: 1.0.0 The skill bundle provides a functional cold email outreach system, but contains a significant SSRF (Server-Side Request Forgery) vulnerability in `scripts/enrich-leads.js`. This script fetches content from URLs constructed directly from user-provided CSV data without validating the target domains, which could allow an attacker to probe internal network services or cloud metadata endpoints. Additionally, `scripts/cold-email-engine.js` uses un-sanitized CSV headers in a dynamic `RegExp` constructor for template substitution, creating a potential risk for Regular Expression Denial of Service (ReDoS).
Capability Assessment
Purpose & Capability
The name/description match the code: sending emails and enriching leads. However the SKILL.md advertises support for Google Sheets, Hunter.io, Apollo, and raw SMTP, while the included scripts only implement website scraping and sending via Resend or SendGrid. The registry lists no required env vars even though the code expects RESEND_API_KEY or SENDGRID_API_KEY (and mentions SMTP credentials). This mismatch between claimed capabilities and actual implementation is incoherent.
Instruction Scope
The runtime instructions describe sourcing leads from CSV/Sheets/APIs and enriching via vendor APIs or scraping. The code implements CSV I/O and a scraper (scripts/enrich-leads.js) that fetches arbitrary websites and extracts email addresses — behavior consistent with enrichment but potentially broad (network fetches across many domains). The SKILL.md promises Google Sheets and vendor integrations that are not present; it also claims compliance checks (CAN‑SPAM/GDPR) but enforcement is limited to a suppression file and suggested template requirements, not programmatic checks.
Install Mechanism
No install spec; this is instruction/code-only and nothing is automatically downloaded or extracted. That lowers installation risk — files are included in the skill bundle and run locally by the user.
Credentials
Registry metadata lists no required env vars but the code explicitly uses RESEND_API_KEY and SENDGRID_API_KEY and will need SMTP credentials if that path were implemented. The absence of declared required credentials is a mismatch that could mislead users into not providing required secrets or accidentally supplying the wrong ones. Otherwise, environment access appears limited to these API keys and normal filesystem/network access.
Persistence & Privilege
The skill is not always-on and does not request elevated agent privileges. It writes local logs/tracking files (send-log.csv, suppression.txt) in its directory but does not attempt to modify other skills or global agent configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cold-email-engine
  3. After installation, invoke the skill by name or use /cold-email-engine
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Automated outbound pipeline: CSV/Sheets leads, email enrichment, personalized templates, drip follow-ups, rate limiting, CAN-SPAM compliance
Metadata
Slug cold-email-engine
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Cold Email Engine?

Automated cold email outreach system with lead enrichment, personalized templates, drip sequences, and CAN-SPAM compliance. Use when building outbound sales... It is an AI Agent Skill for Claude Code / OpenClaw, with 330 downloads so far.

How do I install Cold Email Engine?

Run "/install cold-email-engine" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cold Email Engine free?

Yes, Cold Email Engine is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Cold Email Engine support?

Cold Email Engine is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cold Email Engine?

It is built and maintained by merjua14 (@merjua14); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments