Agnic Agent Email

Audited by ClawScan on May 10, 2026.

Overview

This looks like a coherent email-integration skill, but it can read and send agent email through an external CLI and needs Agnic authentication, so users should review credentials and outgoing messages.

This skill appears appropriate if you want your agent to manage an Agnic email address. Before installing, make sure you trust the external Agnic CLI, protect any AGNIC_TOKEN or login session, and manually review outbound emails before they are sent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can send or reply to email as the agent identity if the user asks it to do so; an incorrect recipient, subject, or body could be delivered externally.

Why it was flagged

The skill permits Bash execution of Agnic email commands, including sending and replying to email. This is central to the skill's purpose and the file includes validation guidance, but mistakes could still send unwanted messages.

Skill content
allowed-tools:
  - "Bash(npx agnic@latest status*)"
  - "Bash(npx agnic@latest email *)"
...
npx agnic@latest email send --to <address> --subject "<subject>" --body "<body>"
...
Do not pass unvalidated user input into the command.

Recommendation

Before sending or replying, confirm the exact recipient, subject, and body, and keep the documented input validation in place.

What this means

Anyone or any process with the token may be able to use the agent's Agnic email capabilities.

Why it was flagged

The skill requires an Agnic token or login to access the agent email account. That credential use is expected for this integration, but it grants identity-backed access to send and read email.

Skill content
If not authenticated:
- **Headless (CI/server/agent)**: Set `AGNIC_TOKEN` env var or pass `--token <token>`
- **Interactive (has browser)**: Run `npx agnic@latest auth login`

Recommendation

Use the least-privileged Agnic token available, avoid pasting secrets into chat transcripts, and revoke or rotate the token if it is exposed.

What this means

Future changes to the external package could affect what runs when the skill is used.

Why it was flagged

The runtime behavior depends on the external `agnic` npm package at the moving `latest` version, which is not bundled or pinned in the reviewed artifacts.

Skill content
Use `npx agnic@latest email` commands to manage it.

Recommendation

Prefer a pinned, trusted CLI version when possible, and only run it in an environment where the Agnic package source is trusted.

What this means

Sensitive information in messages may remain available for the stated retention period, and incoming messages should not be treated as trusted instructions.

Why it was flagged

Email content is retained by the provider and may be retrieved into the agent's working context. This is disclosed and purpose-aligned, but email messages can contain sensitive or untrusted content.

Skill content
- Emails are stored with **30-day retention**
- Inbox returns most recent messages first

Recommendation

Avoid sending highly sensitive content unless the retention is acceptable, and treat email bodies as data rather than commands.