← 返回 Skills 市场
269
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install outreach-demo
功能描述
Research a business website, produce a concise prospect report, recommend concrete OpenClaw use cases, and draft a tailored outreach email. Use when demonstr...
安全使用建议
This skill appears to do what it says (generate briefs and email drafts), but there are some red flags you should address before using it:
- Do not assume required tools are installed: the scripts call 'gog' (a Gmail CLI) and Chromium for PDF output. Install and inspect those tools before running.
- Configure sender identity explicitly: set OUTREACH_SENDER_EMAIL / OUTREACH_SENDER_NAME or supply a config file and do NOT rely on the script's default ACCOUNT ([email protected]). Replace or remove any hardcoded defaults.
- Prevent accidental sends: require a manual approval step in your workflow or disable autonomous invocation for this skill. The code provides a send script but does not enforce the SKILL.md approval gate.
- Audit your local 'gog' configuration: the send script uses the GOG_ACCOUNT environment variable and will execute 'gog gmail send' which will send mail using whatever credentials are configured for that CLI.
- Validate attachment handling: ensure the attachment path/format matches what you intend (SKILL.md references attaching a PDF but some send script usage examples accept HTML). Verify you are attaching the correct, sanitized file.
If you need to proceed: update the metadata to declare required binaries/env vars, remove or change hardcoded defaults, and test the full flow in dry-run mode (send script supports --dry-run) before enabling any automatic or autonomous execution.
功能分析
Type: OpenClaw Skill
Name: outreach-demo
Version: 1.0.0
The skill bundle facilitates business research and automated email outreach, but contains a significant security vulnerability in 'scripts/render_outreach_report_pdf.sh' by executing Chromium with the '--no-sandbox' flag. It also includes a hardcoded default sender email address ('[email protected]') in 'scripts/send_outreach_package.sh', which could lead to misattribution or unintended data exposure if not properly configured by the user. While the 'SKILL.md' instructions explicitly mandate an approval gate before sending emails, the technical vulnerabilities and hardcoded identifiers warrant a suspicious classification.
能力评估
Purpose & Capability
The name/description match the included scripts (rendering reports, HTML email, PDF conversion, and a send script). However, send_outreach_package.sh hard-codes a default ACCOUNT ([email protected]) and the SKILL.md explicitly warns against hardcoding sender identity — that's an internal inconsistency and a potential surprise for users.
Instruction Scope
SKILL.md properly constrains actions (public website only, approval gate before sending). The code implements rendering and a separate send script, but there is no programmatic enforcement of the approval gate — sending is an explicit script invocation. The scripts read local files and may transmit content by calling a 'gog gmail send' command; if invoked (manually or by an autonomous agent), they will perform outbound network activity (email send).
Install Mechanism
There is no install spec (instruction-only), but multiple shipped scripts require external binaries: 'gog' (for gmail send) and a Chromium binary for PDF rendering. The registry metadata lists no required binaries; that omission is a mismatch and could cause runtime failures or unexpected external dependencies.
Credentials
The skill does not declare required env vars, yet the scripts read OUTREACH_DEMO_CONFIG, OUTREACH_SENDER_*, CHROME_BIN, and rely on a GOG_ACCOUNT environment variable when invoking the 'gog' CLI. Those environment hooks are reasonable for configuration, but they are not declared in the skill metadata and there is a hardcoded fallback email account in the send script — this is disproportionate to what the description promises and can leak surprising behavior (accidentally using someone else's default sender).
Persistence & Privilege
always is false and the skill does not request persistent privileges. However the skill can send email (via an external CLI) when invoked. Autonomous invocation is allowed by default on the platform; combined with the presence of a send script and default account, that increases the blast radius if an agent is permitted to call the send path without human confirmation. The code itself does not autonomously trigger sends.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install outreach-demo - 安装完成后,直接呼叫该 Skill 的名称或使用
/outreach-demo触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial public release: website research, opportunity brief generation, HTML email + PDF brief, approval-gated send flow
元数据
常见问题
Outreach Demo 是什么?
Research a business website, produce a concise prospect report, recommend concrete OpenClaw use cases, and draft a tailored outreach email. Use when demonstr... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 269 次。
如何安装 Outreach Demo?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install outreach-demo」即可一键安装,无需额外配置。
Outreach Demo 是免费的吗?
是的,Outreach Demo 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Outreach Demo 支持哪些平台?
Outreach Demo 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Outreach Demo?
由 lexAlex36(@lexalex36)开发并维护,当前版本 v1.0.0。
推荐 Skills