Skill v1.1.4
ClawScan security
Gmail-digester · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 9:49 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and SKILL.md legitimately require IMAP credentials and will read email content, but the registry metadata claims no required credentials — this mismatch and the sensitive data handling warrant caution.
- Guidance: This skill will connect to an IMAP server and fetch unread messages; it requires IMAP_USERNAME and IMAP_PASSWORD (or a config file) even though the registry metadata claims no credentials — that's a red flag in the package metadata. Before installing or running:
  - (1) Verify the source/owner and prefer not to use your primary account password (use an app password or dedicated mailbox).
  - (2) Understand that email bodies will be passed to the agent/model for summarization (sensitive content may be exposed to your LLM provider).
  - (3) If you use a config file, ensure EMAIL_CONFIG_PATH points only to a file you control and contains only the expected fields.
  - (4) Consider running this in an isolated environment or with a throwaway mailbox first.
  - (5) Ask the publisher to correct the registry metadata to declare the required environment variables and to clarify any telemetry or external endpoints; lack of accurate metadata is the primary inconsistency here.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md and included script clearly require IMAP credentials (IMAP_USERNAME, IMAP_PASSWORD) or an EMAIL_CONFIG_PATH config file. However, the registry metadata above lists "Required env vars: none" and "Primary credential: none", which is inconsistent with the skill's stated purpose (fetching Gmail). Requiring IMAP credentials is reasonable for this functionality, but the package/registry metadata failing to declare them is a serious coherence issue.
- Instruction Scope (note): Runtime instructions are narrowly scoped: run the included Python script, parse its JSON output, and produce the digest message. The script will read an optional config file at ~/.config/gmail-summarize/config.json (or EMAIL_CONFIG_PATH) if env vars are not provided. Important privacy note: the agent is expected to summarize email bodies (translate one-sentence summaries into Chinese) — that means full or truncated email content will be provided to the agent/model for processing, which is exposure of sensitive data to the model/runtime.
- Install Mechanism (ok): No install spec — the skill is instruction+script only. Nothing is downloaded at install time; the only executable code is the included Python script.
- Credentials (concern): Requesting IMAP_USERNAME and IMAP_PASSWORD is proportionate for accessing a mailbox. The concern is that these required credentials are not declared in the registry metadata; additionally, the skill allows reading a config file from the user's home directory, which may contain sensitive data if mispointed. Ensure you supply an app-specific password (not your primary Google password) and understand where the config file is read from.
- Persistence & Privilege (ok): The skill does not request persistent/always presence and does not modify other skills or system configs. It runs on-demand (user-invocable) and has normal agent invocation settings.
