Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mail Invoice Archiver

v1.0.0

Read supported mailbox providers such as 126, 163, and Gmail, identify invoice attachments or invoice download links, archive invoices by month, deduplicate...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements an IMAP-based invoice archiver for 126/163/Gmail and related delivery features (Feishu). Those capabilities justify reading mail and storing archive files and metadata. However, the registry metadata claims no required credentials or config paths, while the runtime clearly needs mailbox credentials (or system keychain access), may read environment variables, and reads and writes config under the user's home directory. The published metadata is incomplete.
Instruction Scope
SKILL.md instructs the agent to run the packaged Python CLI (doctor, setup, sync, report, deliver) and to prompt or guide the user through setup. The instructions stay within the stated purpose (setup, sync, report, pack). They explicitly require asking the user about credential storage and waiting for confirmation before proceeding, which constrains the agent's actions.
Install Mechanism
The registry declares no install spec / 'instruction-only', but the bundle contains substantial Python source (17 files). There is no automated installer, which reduces remote-install risk, but the packaging/metadata mismatch (instruction-only vs. included runtime code) is a transparency issue and warrants caution.
Credentials
Registry metadata lists no required environment variables or primary credential, yet the code expects mailbox credentials (via the system keychain, the env vars MAIL_INVOICE_ARCHIVER_EMAIL and MAIL_INVOICE_ARCHIVER_AUTH_CODE, or a config file), can read Feishu app_id/app_secret from env or ~/.config, and will write a local archive (~/Documents/invoice-archive) and a SQLite DB (~/.config state). The skill therefore needs secrets and home-directory access that are not declared in the registry entry. This is a meaningful mismatch.
Persistence & Privilege
The skill is not 'always:true' and does not auto-enable itself outside invocation. It will create persistent artifacts: archive files under ~/Documents/invoice-archive, a .state/index.sqlite3 DB, and may write config under ~/.config. It also integrates with OS system credential stores (macOS Keychain / Windows Credential Manager) and can make outbound network requests (IMAP and HTTP for link downloads and Feishu API). These privileges are reasonable for the described functionality but should be accepted consciously.
Scan Findings in Context
[pre-scan-none] expected: No regex-based scan flags were detected. That does not mean there are no risks: the code performs credential handling, network I/O (IMAP, HTTP downloads, Feishu token exchange), and filesystem writes, all of which require manual review.
What to consider before installing
Before installing or running this skill, note these concrete points:
1. The skill actually contains Python code and will ask for your mailbox credentials (email + auth code/app-password) and may store them in the system keychain, an env var, or a plain-text config file in your home directory. The registry metadata does not declare these needs.
2. It will create ~/Documents/invoice-archive and a SQLite index under that state dir; expect persistent files.
3. The runtime can follow download links found in emails (it will fetch arbitrary URLs), and can call Feishu if you provide app_id/app_secret; only provide these secrets if you trust the skill.
4. If you have concerns, prefer interactive 'prompt' auth (no persistence), or use provider-specific app passwords and limit exposure (avoid your primary Google password).
Inspect the code (imap_client, system_credentials, feishu_delivery) or run the CLI's doctor/setup in a controlled environment first. If the packaging metadata (no required envs/configs) worries you, ask the publisher why credentials/config paths were omitted before granting access.
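The Credentials finding and the pre-install checklist both come down to one question: which env vars, network modules, credential stores and home-directory paths does the bundled Python actually touch, and does the registry entry declare them? The script below is an added example of that manual review done with the `ast` module; it is not part of the skill, the scanner, or this page. It walks a bundle's .py files, records os.environ / os.getenv lookups, imports of IMAP/HTTP and keyring modules, and any "~/..." path literal, then diffs the result against whatever the registry declared. The SAMPLE_SOURCE string is a constructed stand-in that mirrors the behaviour described above; it is not the archiver's real source, and the module, path and key names in it are assumptions.

```python
"""Static triage of a Python skill bundle: what does the code touch that
the registry metadata should have declared? (example, not the skill's code)"""
import ast
import os
from collections import defaultdict

# Modules whose presence implies outbound network I/O or OS credential-store access.
NETWORK_MODULES = {"imaplib", "smtplib", "socket", "http", "urllib", "requests", "httpx"}
CREDENTIAL_MODULES = {"keyring", "win32cred"}


class _Visitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = defaultdict(set)

    def _note_module(self, name):
        root = name.split(".")[0]
        if root in NETWORK_MODULES:
            self.findings["network_modules"].add(root)
        if root in CREDENTIAL_MODULES:
            self.findings["credential_modules"].add(root)
        if root == "subprocess":
            self.findings["subprocess"].add(root)

    def visit_Import(self, node):
        for alias in node.names:
            self._note_module(alias.name)

    def visit_ImportFrom(self, node):
        if node.module:
            self._note_module(node.module)

    def _note_env(self, key_node):
        # A literal key is reported by name; anything else is flagged as dynamic.
        if isinstance(key_node, ast.Constant) and isinstance(key_node.value, str):
            self.findings["env_vars"].add(key_node.value)
        else:
            self.findings["env_vars"].add("<dynamic>")

    def visit_Call(self, node):
        # os.getenv("X") and os.environ.get("X")
        if ast.unparse(node.func) in ("os.getenv", "os.environ.get") and node.args:
            self._note_env(node.args[0])
        self.generic_visit(node)

    def visit_Subscript(self, node):
        # os.environ["X"], read or written
        if ast.unparse(node.value) == "os.environ":
            self._note_env(node.slice)
        self.generic_visit(node)

    def visit_Constant(self, node):
        # Any "~/..." literal is a home-directory path the skill will expand.
        if isinstance(node.value, str) and node.value.startswith("~"):
            self.findings["home_paths"].add(node.value)


def triage_source(src, filename="<bundle>"):
    """Return {category: sorted list} of what one source file touches."""
    visitor = _Visitor()
    visitor.visit(ast.parse(src, filename))
    return {key: sorted(vals) for key, vals in visitor.findings.items()}


def triage_bundle(root):
    """Merge triage_source over every .py file under an unpacked bundle."""
    merged = defaultdict(set)
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".py"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8") as fh:
                    for key, vals in triage_source(fh.read(), path).items():
                        merged[key].update(vals)
    return {key: sorted(vals) for key, vals in merged.items()}


def undeclared(findings, declared_env=(), declared_paths=()):
    """What the code needs that the registry metadata did not declare."""
    return {
        "env_vars": sorted(set(findings.get("env_vars", [])) - set(declared_env)),
        "home_paths": sorted(set(findings.get("home_paths", [])) - set(declared_paths)),
    }


# Constructed sample standing in for a skill's source (assumed names, not real code).
SAMPLE_SOURCE = '''
import os
import imaplib
import keyring
import requests

def load_credentials():
    email = os.environ.get("MAIL_INVOICE_ARCHIVER_EMAIL")
    code = os.getenv("MAIL_INVOICE_ARCHIVER_AUTH_CODE")
    if not code:
        code = keyring.get_password("mail-invoice-archiver", email)
    return email, code

CONFIG = os.path.expanduser("~/.config/mail-invoice-archiver/config.json")
ARCHIVE_DIR = os.path.expanduser("~/Documents/invoice-archive")
STATE_DB = os.path.expanduser("~/Documents/invoice-archive/.state/index.sqlite3")
'''

if __name__ == "__main__":
    report = triage_source(SAMPLE_SOURCE)
    for key, values in report.items():
        print(f"{key}: {', '.join(values)}")
    # A registry entry declaring nothing leaves every finding undeclared.
    print("undeclared:", undeclared(report))
```

Run `triage_bundle("path/to/unpacked-skill")` on the real download and compare its output with the registry's declared env vars and config paths; every item left in `undeclared` is a question for the publisher. The AST approach is deliberately narrow (it will not see `getattr(os, "environ")` or keys built at runtime, which is why non-literal keys surface as `<dynamic>`), so treat it as a map for the manual read of imap_client, system_credentials and feishu_delivery rather than a replacement for it.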

Like a lobster shell, security has layers — review code before you run it.

latest: vk9781bpq35gc9xgc7sbkfg33fd84rckk

