Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Manage your tuta.com account

v1.0.0

Send, read, and manage emails via Tuta (formerly Tutanota) encrypted email service. Use when user asks to send emails, check inbox, read mail, or do any emai...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The script implements login, inbox, read, and send functionality against https://app.tuta.com/rest, which matches the skill description. However the registry metadata claims no required environment variables or config paths, while SKILL.md instructs the user to store TUTA_EMAIL and TUTA_PASSWORD in openclaw.json under skills.entries.tuta-mail.env. That metadata/requirements mismatch is a clear incoherence.
Instruction Scope
Runtime instructions tell the agent to save a session file containing access token and decrypted keys to /tmp/tuta_session.json and to store credentials in openclaw.json (agent config). Saving decrypted keys to disk and instructing to place plaintext credentials into the agent config increases exposure and is not declared in the skill metadata. The instructions also require installing Python crypto packages and use an undocumented REST API — understandable for this functionality but worth noting.
Install Mechanism
This is an instruction-only skill with an included Python script. There is no formal install spec; the SKILL.md recommends pip-installing dependencies. That is a moderate-risk, common pattern for script-based skills, but it means code will be executed locally and dependencies will be installed at runtime.
Credentials
The client legitimately needs the user's Tuta email and password, which the SKILL.md requests as TUTA_EMAIL and TUTA_PASSWORD. However, the registry metadata lists no required env vars or primary credential and declares no required config paths. The skill asks to persist the decrypted passphrase_key and group keys in the session file (sensitive material). The credential storage and the lack of metadata declaration are disproportionate/inconsistent.
Persistence & Privilege
always:false and model invocation allowed (defaults) — normal. The SKILL.md asks the user to write credentials into openclaw.json (agent config) and to persist a session file under /tmp; writing its own session file is normal for a client, but storing sensitive decrypted keys in a broadly accessible file and modifying agent config without the metadata declaring config usage increases the risk profile.
What to consider before installing
This skill mostly does what it says (a Tuta client), but there are multiple red flags you should resolve before installing:
1) The registry metadata does not declare the TUTA_EMAIL/TUTA_PASSWORD env vars or the config path even though SKILL.md instructs you to store credentials in openclaw.json; ask the publisher to correct the metadata.
2) The script and instructions persist decrypted keys and the passphrase_key in a session JSON file; avoid storing plaintext credentials or decrypted keys where other processes or users can read them.
3) The SKILL.md suggests pip-installing crypto libraries; review those installs and prefer a virtualenv or sandboxed environment.
4) The included Python file (as provided) contains a likely syntax/truncation error in the session-loading code; ask for a clean, reviewed release and verify the code before running it.
5) Because this uses an undocumented API, the client may break or behave unexpectedly; prefer official/documented integrations when possible.
If you still want to use it, test it in an isolated environment, don't reuse your primary password (use an app-specific password if supported), and request that the author: (a) declare the required env/config in the registry metadata, (b) stop writing raw decrypted keys to disk, or protect them with OS-level permissions/encryption, and (c) provide a signed, reviewed release.


latest: vk978adr6sjj7ej8mn8rqwzx2bd832h0p
