Skip to main content

ops-gtm

Generates comprehensive go-to-market plans across various channels, integrating marketing and sales strategies for effective execution.

Install this skill

or
0/100

Security score

The ops-gtm skill was audited on May 29, 2026 and we found 8 security issues across 2 threat categories, including 7 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 30

Template literal with variable interpolation in command context

SourceSKILL.md
301. **Preferences**: Read `${CLAUDE_PLUGIN_DATA_DIR:-$HOME/.claude/plugins/data/ops-ops-marketplace}/preferences.json`
high line 35

Template literal with variable interpolation in command context

SourceSKILL.md
352. **Cached plans**: List `${CLAUDE_PLUGIN_DATA_DIR}/gtm/*.md` to surface recent plans. Never overwrite a prior plan file — always append a new dated file.
high line 37

Template literal with variable interpolation in command context

SourceSKILL.md
373. **Daemon health**: Read `${CLAUDE_PLUGIN_DATA_DIR}/daemon-health.json`. If `action_needed` is not null, surface it before running any long planning flow.
medium line 52

Template literal with variable interpolation in command context

SourceSKILL.md
52```
high line 203

Template literal with variable interpolation in command context

SourceSKILL.md
2034. **Persist the plan** to `${CLAUDE_PLUGIN_DATA_DIR}/gtm/<project-slug>-$(date +%Y-%m-%d).md` (create the directory if missing). Never overwrite — if the file exists, append `-v2`, `-v3`.
high line 299

Template literal with variable interpolation in command context

SourceSKILL.md
299Fast path — does NOT spawn the four research agents. Just intake + a single call to write the brief. Fields: **ICP**, **Pain**, **Value prop**, **3 messaging pillars**, **Proof points**, **Anti-positi
high line 339

Template literal with variable interpolation in command context

SourceSKILL.md
339- **Rule 0 — public repo**: every example above uses `your-project`, `[email protected]`, `<YOUR_TOKEN>`. Never save user-specific data outside `$PREFS_PATH` or `${CLAUDE_PLUGIN_DATA_DIR}/gtm/`.
high line 46

Access to system keychain/keyring

SourceSKILL.md
465. **`/marketing` credential probe (read-only)**: Do NOT re-resolve API keys in this skill. Instead, when the user asks to launch something, delegate to `/marketing` via the Skill tool — `/marketing`
Scanned on May 29, 2026
View Security Dashboard
Installation guide →
GitHub Stars 3.0K
Rate this skill
Categorymarketing
UpdatedJune 10, 2026
openclawapigrowth-marketerproduct-marketermarketing-analystadvertising-specialistcontent-marketermarketing
davepoon/buildwithclaude