Automatically logs into email accounts (Gmail, Outlook, QQ Mail, etc.) and generates daily email summaries. Use when the user wants to get a summary of their emails, check important messages, or create daily email digests.

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill’s email-summary purpose is clear, but it gives the agent broad access to logged-in email sessions and browser automation without tight scope or data-handling limits.

Install or use this only if you are comfortable giving the agent access to the selected mailbox and browser profile. Prefer a dedicated browser profile, avoid password entry through automation, review the external browser-use dependency, disable scheduled jobs when not needed, and do not use AI extraction on sensitive email unless you understand what data leaves your device.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could view private email available in the logged-in browser profile and may operate with the user’s email account privileges during the session.

Why it was flagged

The skill tells the agent to reuse an existing authenticated browser session for email. That grants access to sensitive mailbox identity/session state, and the artifacts do not clearly constrain which account/profile is used or enforce read-only handling.

Skill content

Make sure you have already logged in to your mailbox in the browser (real mode reuses the existing login state directly) ... browser-use --browser real open https://mail.google.com

Recommendation

Use a dedicated browser profile or test account, avoid typing passwords into automation, and require explicit user confirmation and clear account scope before any mailbox access.

What this means

If invoked too broadly, the agent could navigate, inspect, click, input, or run extraction code in a logged-in mailbox or other authenticated browser pages.

Why it was flagged

The wildcard browser-use permission plus documented JavaScript and Python execution gives broad control over authenticated browser pages, rather than a narrowly limited email-summary extraction tool.

Skill content

allowed-tools: Bash(browser-use:*) ... browser-use eval ... browser-use python

Recommendation

Limit the allowed commands and workflow to specific read-only email-summary actions, and require explicit approval before opening accounts, entering credentials, running eval/Python, or interacting with messages.

What this means

Email senders, subjects, snippets, or message content could be exposed to an external AI/browser automation service if the extract mode is used.

Why it was flagged

The optional AI extraction flow may process sensitive email metadata/content through a provider-backed browser-use or AI service, but the artifacts do not define the provider boundary, retention, or privacy controls.

Skill content

If an API Key is configured, AI can be used to generate email summaries automatically ... browser-use extract "提取前 10 封邮件的发件人、主题和摘要,按重要性排序"

Recommendation

Do not use AI extraction for sensitive mail unless the provider, retention policy, and data sent are understood; prefer local/manual summaries or redact sensitive content first.

What this means

Private email information may remain on disk in screenshots, logs, or generated summaries after the task completes.

Why it was flagged

The workflow saves inbox screenshots and summary artifacts locally. This is aligned with generating a digest, but those files may contain private senders, subjects, and snippets and no retention/redaction policy is described.

Skill content

OUTPUT_DIR="./email_summaries" ... browser-use screenshot "$OUTPUT_DIR/inbox_$DATE.png"

Recommendation

Store outputs in a protected folder, delete them when no longer needed, and avoid screenshots if email subjects or previews are sensitive.

Note, High Confidence
ASI10: Rogue Agents

What this means

The email summary process may run every day and write logs without the user actively starting it each time.

Why it was flagged

The skill documents creating scheduled cron/launchd jobs. This is disclosed and matches a daily digest use case, but it creates ongoing execution that can continue accessing email until removed.

Skill content

0 9 * * * /path/to/email_daily_summary.sh >> /path/to/logs/email_summary.log 2>&1 ... launchctl load ~/Library/LaunchAgents/com.email.dailysummary.plist

Recommendation

Only enable scheduling if you want recurring access, keep the script path and logs protected, and document how to disable the cron or launchd job.

What this means

The security of the workflow depends on the externally installed browser-use package and its installed browser components.

Why it was flagged

The instruction-only skill relies on installing an external CLI and browser components, while the registry provides no install spec or pinned dependency context. The step is user-directed and purpose-aligned, but provenance should be checked.

Skill content

uv pip install browser-use[cli] ... browser-use install

Recommendation

Install only from trusted sources, review the package/version, and avoid running the setup in an environment containing sensitive browser sessions until verified.