← Back to Skills Marketplace
269
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install outreach-demo
Description
Research a business website, produce a concise prospect report, recommend concrete OpenClaw use cases, and draft a tailored outreach email. Use when demonstr...
Usage Guidance
This skill appears to do what it says (generate briefs and email drafts), but there are some red flags you should address before using it:
- Do not assume required tools are installed: the scripts call 'gog' (a Gmail CLI) and Chromium for PDF output. Install and inspect those tools before running.
- Configure sender identity explicitly: set OUTREACH_SENDER_EMAIL / OUTREACH_SENDER_NAME or supply a config file and do NOT rely on the script's default ACCOUNT ([email protected]). Replace or remove any hardcoded defaults.
- Prevent accidental sends: require a manual approval step in your workflow or disable autonomous invocation for this skill. The code provides a send script but does not enforce the SKILL.md approval gate.
- Audit your local 'gog' configuration: the send script uses the GOG_ACCOUNT environment variable and will execute 'gog gmail send' which will send mail using whatever credentials are configured for that CLI.
- Validate attachment handling: ensure the attachment path/format matches what you intend (SKILL.md references attaching a PDF but some send script usage examples accept HTML). Verify you are attaching the correct, sanitized file.
If you need to proceed: update the metadata to declare required binaries/env vars, remove or change hardcoded defaults, and test the full flow in dry-run mode (send script supports --dry-run) before enabling any automatic or autonomous execution.
Capability Analysis
Type: OpenClaw Skill
Name: outreach-demo
Version: 1.0.0
The skill bundle facilitates business research and automated email outreach, but contains a significant security vulnerability in 'scripts/render_outreach_report_pdf.sh' by executing Chromium with the '--no-sandbox' flag. It also includes a hardcoded default sender email address ('[email protected]') in 'scripts/send_outreach_package.sh', which could lead to misattribution or unintended data exposure if not properly configured by the user. While the 'SKILL.md' instructions explicitly mandate an approval gate before sending emails, the technical vulnerabilities and hardcoded identifiers warrant a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description match the included scripts (rendering reports, HTML email, PDF conversion, and a send script). However, send_outreach_package.sh hard-codes a default ACCOUNT ([email protected]) and the SKILL.md explicitly warns against hardcoding sender identity — that's an internal inconsistency and a potential surprise for users.
Instruction Scope
SKILL.md properly constrains actions (public website only, approval gate before sending). The code implements rendering and a separate send script, but there is no programmatic enforcement of the approval gate — sending is an explicit script invocation. The scripts read local files and may transmit content by calling a 'gog gmail send' command; if invoked (manually or by an autonomous agent), they will perform outbound network activity (email send).
Install Mechanism
There is no install spec (instruction-only), but multiple shipped scripts require external binaries: 'gog' (for gmail send) and a Chromium binary for PDF rendering. The registry metadata lists no required binaries; that omission is a mismatch and could cause runtime failures or unexpected external dependencies.
Credentials
The skill does not declare required env vars, yet the scripts read OUTREACH_DEMO_CONFIG, OUTREACH_SENDER_*, CHROME_BIN, and rely on a GOG_ACCOUNT environment variable when invoking the 'gog' CLI. Those environment hooks are reasonable for configuration, but they are not declared in the skill metadata and there is a hardcoded fallback email account in the send script — this is disproportionate to what the description promises and can leak surprising behavior (accidentally using someone else's default sender).
Persistence & Privilege
always is false and the skill does not request persistent privileges. However the skill can send email (via an external CLI) when invoked. Autonomous invocation is allowed by default on the platform; combined with the presence of a send script and default account, that increases the blast radius if an agent is permitted to call the send path without human confirmation. The code itself does not autonomously trigger sends.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install outreach-demo - After installation, invoke the skill by name or use
/outreach-demo - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release: website research, opportunity brief generation, HTML email + PDF brief, approval-gated send flow
Metadata
Frequently Asked Questions
What is Outreach Demo?
Research a business website, produce a concise prospect report, recommend concrete OpenClaw use cases, and draft a tailored outreach email. Use when demonstr... It is an AI Agent Skill for Claude Code / OpenClaw, with 269 downloads so far.
How do I install Outreach Demo?
Run "/install outreach-demo" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Outreach Demo free?
Yes, Outreach Demo is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Outreach Demo support?
Outreach Demo is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Outreach Demo?
It is built and maintained by lexAlex36 (@lexalex36); the current version is v1.0.0.
More Skills