Morning Email Rollup

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can read selected Gmail messages and today's Google Calendar events for the configured account.

Why it was flagged

The script uses an authenticated Google account through gog to read calendar events, search Gmail, and fetch message contents. This matches the skill purpose, but it is sensitive delegated account access.

Skill content

CALENDAR_EVENTS=$(gog calendar events primary --from "$TODAY" --to "$TOMORROW" --account "$GOG_ACCOUNT" ...)
IMPORTANT_EMAILS=$(gog gmail search 'is:important OR is:starred newer_than:1d' --max 20 --account "$GOG_ACCOUNT" --json ...)
email_data=$(gog gmail get "$thread_id" --account "$GOG_ACCOUNT" ...)

Recommendation

Use only with a Google account you intend to expose to this rollup, confirm gog is authenticated to the right account, and review the Gmail search criteria and MAX_EMAILS limit.

What this means

Email text and generated summaries may be processed by Gemini and shown in a Telegram-style delivery channel.

Why it was flagged

The documentation discloses that email bodies are sent to Gemini for summarization and that the resulting rollup is delivered through Telegram/Clawdbot messaging. This is purpose-aligned but moves sensitive email-derived content through external services.

Skill content

Sends to `gemini --model gemini-2.0-flash` with a prompt to summarize in 1 sentence ... **Important:** The email body is passed as part of the prompt ... Delivers formatted summary to Telegram

Recommendation

Avoid using this on highly confidential mail unless Gemini and the delivery channel are approved for that data; consider narrowing the Gmail query to trusted labels or senders.

What this means

If you add the cron job, the skill will keep running every morning until you disable or remove the scheduled job.

Why it was flagged

The skill documents a recurring cron schedule that runs the rollup daily. This is expected for a morning rollup and is user-directed, but it creates ongoing automated access to account data.

Skill content

cron add --name "Morning Email Rollup" --schedule "0 8 * * *" --tz "America/Denver" --session isolated --message "GOG_ACCOUNT=your-email@gmail.com bash /path/to/skills/morning-email-rollup/rollup.sh"

Recommendation

Only add the cron job if you want recurring automation; use cron list/update/remove controls to monitor or stop it.

What this means

You have less external provenance information to help decide whether to trust the script with email and calendar access.

Why it was flagged

The provided artifacts include the full script and no remote installer, but the registry does not provide an upstream source or homepage for provenance.

Skill content

Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.

Recommendation

Review the included rollup.sh before enabling it, and install only if you trust the publisher and the visible script behavior.