Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Email Autopilot
v1.0.0
A comprehensive AI agent skill that transforms your email from a source of stress into a managed system. Triages your inbox by urgency and importance, drafts...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose requires access to a user's mailbox (read inbox, read sent mail history, send messages, modify subscriptions), yet the registry metadata declares no required credentials, no primary credential, and no config paths. Legitimately operating on email requires provider-specific credentials (OAuth tokens, API keys, IMAP/SMTP creds) and scopes; their absence is a mismatch.
Instruction Scope
The SKILL.md explicitly instructs the agent to 'read every unread email', 'read your sent mail history', track outgoing messages, perform unsubscribes, and run automatic daily briefings. These instructions are broad, vague about how access is obtained, and require the agent to collect and act on highly sensitive personal data. The prose grants wide discretion ('agent reads everything') rather than narrowly-scoped operations.
Install Mechanism
This is an instruction-only skill with no install steps and no code files, which reduces installation risk. However, lack of code does not eliminate risks arising from the instructions themselves or missing integration details.
Credentials
No environment variables or credentials are declared, but the skill's functionality clearly requires mailbox credentials and possibly tokens for third-party unsubscribe endpoints. The metadata underreports the sensitive access needed, which is disproportionate and suspicious.
Persistence & Privilege
always is false (good), and autonomous invocation is allowed (platform default). However, the skill's text describes automatic daily briefings and continuous follow-up tracking, implying recurring access or background monitoring that is not reflected in the metadata or explained (how will scheduling or webhook-based monitoring be handled?). That gap needs clarification.
What to consider before installing
Do not install or grant mailbox access until the developer provides concrete integration details. Ask for:
1) source code or homepage and a privacy/security policy;
2) exact authentication method and scopes (OAuth client, IMAP/SMTP, API endpoints) and proof that tokens are obtained via the provider's consent screen (not pasted into an env var you don't control);
3) a minimal permission mode (read-only inbox + draft creation but disallow auto-send) for testing;
4) an explanation of how automatic monitoring and follow-up tracking run (scheduling, webhooks, or agent persistence) and where data/logs are stored;
5) assurances that every outgoing message requires explicit word-for-word approval and a clear uninstall/revoke process.
The current metadata is incomplete — this could be benignly sloppy, but it could also hide how mailbox credentials would be requested or used. If the author cannot answer these, treat the skill as high risk and avoid granting mailbox access.
Like a lobster shell, security has layers — review code before you run it.
email · inbox · latest · productivity · professionals · replies
