Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mail Skill

v0.1.0

Supports sending, receiving and managing email; automatically installs mail-mcp; supports attachments, mailbox folder operations and message flagging.

by @adjia · duplicate of @adjia/mail-mcp

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose (IMAP/SMTP mail management) matches the instructions and helper tool (mail-mcp). However, the registry metadata lists no required environment variables or primary credential, even though the SKILL.md clearly requires IMAP/SMTP credentials (EMAIL_USER, EMAIL_PASSWORD, IMAP_HOST, SMTP_HOST, etc.). That omission is inconsistent.
Instruction Scope
SKILL.md stays within the mail-management scope (install mail-mcp, configure mcporter, call mail-mcp commands). It does instruct the user to add sensitive credentials into ~/.mcporter/mcporter.json or environment variables, but it does not instruct reading unrelated system files or exfiltrating data. Still, instructions lack guidance about secure storage/permissions for those credentials.
Install Mechanism
There is no declared install spec in the registry, but an included install.sh runs pip install git+https://github.com/AdJIa/mail-mcp-server.git (with --break-system-packages). Installing directly from a GitHub repo is common but carries higher risk than installing a vetted package, and --break-system-packages can alter system Python state. The install script writes nothing else and is otherwise simple, but the absence of a formal install entry in the metadata is inconsistent.
Credentials
The skill requires highly sensitive credentials (email account and password or app-specific password) to function, but the registry metadata does not declare any required env vars or a primary credential. The instructions suggest storing passwords in ~/.mcporter/mcporter.json (likely plaintext) without recommending secure handling or minimal-scoped credentials. This is disproportionate to how the skill is documented in the registry.
Persistence & Privilege
The skill is not always:true and does not request elevated or persistent platform privileges. It does not modify other skills' configs. Autonomous invocation is allowed (default) but is not combined with other strong red flags here.
What to consider before installing
This skill appears to implement mail send/receive via a helper (mail-mcp), but pay attention before installing:

- Sensitive credentials: You will need to provide an email account and password (or app password). The SKILL.md suggests placing these in ~/.mcporter/mcporter.json (likely plaintext). Prefer creating an app-specific or least-privileged account and avoid reusing primary credentials. Check file permissions (chmod 600) and consider using a credentials manager or environment variables scoped to a short-lived session.
- Install source: The included install.sh runs pip install directly from a GitHub repository. Inspect the upstream repository (https://github.com/AdJIa/mail-mcp-server) before running the installer. Run installs inside a virtualenv or container rather than system Python, and avoid --break-system-packages unless you understand the effect.
- Missing declarations: The registry metadata does not declare required env vars/primary credential. Ask the publisher to declare the required credentials explicitly and to document how credentials are stored and protected.
- What to do now: If you want to proceed, review the GitHub repo code, run the installer in an isolated environment, and use an app-specific mailbox/credentials. If you cannot audit the upstream code, treat this skill as higher risk and avoid supplying real account credentials.
