Skill v1.0.2

ClawScan security

Skulk Email · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 5:34 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requested resources match its stated purpose (reading via IMAP and sending via DreamHost Roundcube over HTTPS); there are no unexplained credentials, external endpoints, or risky install steps.
Guidance
This skill is consistent with its description, but keep these practical safety points in mind:
- The script requires storing your mailbox password in plaintext in ~/.config/skulk-email/credentials.json. Ensure the directory (700) and file (600) permissions are applied and only use on machines you trust. Consider using an account with limited privileges or an app-specific password where supported.
- The send flow automates a webmail login and scrapes tokens; it stores cookies in /tmp and attempts to clean them up on exit, but if the process is killed (SIGKILL) cookies may remain temporarily. Don't run on multi-user systems where /tmp is shared without appropriate protections.
- Webmail automation can be brittle (changes to the Roundcube UI could break it) and may run afoul of provider rate limits or terms of service if abused; avoid bulk sending and respect DreamHost/Gmail policies.
- If you need stronger security, consider using an OAuth/app-password approach for Gmail and avoid storing long-lived plaintext passwords.
- If you want additional assurance, review the script yourself or run it in a sandbox/VPS you control before linking any production mailbox.

Review Dimensions

Purpose & Capability
ok · Name/description (DreamHost Roundcube send + IMAP read) align with the script's actions: it reads a local credentials JSON, uses imaplib for IMAP access (imap.dreamhost.com / optionally imap.gmail.com) and uses curl to log in and send via webmail.dreamhost.com. Required binaries (python3, curl, jq) are reasonable and documented.
Instruction Scope
ok · SKILL.md instructs the user to store credentials in ~/.config/skulk-email/credentials.json and run the provided script. The script only reads that file, contacts the documented DreamHost/Gmail endpoints, and writes temporary cookies to /tmp; it does not attempt to read other system files or exfiltrate data to unexpected endpoints.
Install Mechanism
ok · There is no install spec (instruction-only plus an included script), so nothing is downloaded or installed by the skill itself. This minimizes install-time risk. The runtime dependencies are standard, documented binaries.
Credentials
ok · No environment variables, no external API keys, and no unrelated credentials are requested. The only secret required is the mailbox password (DreamHost, and optionally a Gmail app password), stored in the explicitly documented local JSON file. That storage method and its permissions are described in SKILL.md.
Persistence & Privilege
ok · The skill is not always-enabled and does not request persistent system-wide changes or modify other skills. It runs on demand and performs its actions only when invoked.