mailbox.bot
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent postal-mail API integration, but it gives an agent high-impact authority to automate real-world mail actions like forwarding, shredding, disposing, and sending letters.
Install only if you want an agent connected to real postal-mail infrastructure. Before using it, require human approval for destructive, forwarding, certified-mail, legal/tax, and paid actions; secure the API key; and keep notification/webhook destinations tightly controlled.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad rule or mistaken agent action could forward, destroy, return, or otherwise mishandle important postal mail, including legal or tax documents.
The skill exposes real-world mail actions, including destructive actions such as shredding and disposal, through an API that an agent can operate.
Actions via API — scan, forward, photograph, hold, shred, dispose, return to sender
Require explicit human approval for forwarding, shredding, disposal, return-to-sender, certified mail, and any paid outbound mail; use narrow rules, spending limits, and audit logs.
Automated instructions could take high-impact physical-mail actions without a fresh confirmation for each item.
The approval gate is described as rule-dependent, meaning automation may be the default unless the user explicitly marks rules as needing approval.
Standing instructions in a `MAILBOX.md` file let your agent automate everything. Write "needs approval" next to any rule and the action pauses until a human approves on the dashboard.
Default all destructive, outbound, and legal/tax-related actions to approval-required, and test automations first with hold/notify-only behavior.
Anyone or any agent with the API key may be able to control mailbox actions within the provider account.
The skill expects use of a provider API key, but the registry metadata lists no required environment variables or primary credential.
export MAILBOX_BOT_API_KEY="sk_live_xxxxxxxxxxxxx"
Store the API key securely, avoid pasting it into shared chats, rotate it if exposed, and prefer least-privilege or approval-limited keys if available.
Account creation involves personal information and a credential, followed by KYC and payment setup.
The signup flow asks the agent to submit an operator's identity details and password to the provider service.
"full_name": "Jane Smith", "email": "operator@example.com", "password": "securepassword123"
Only create accounts with explicit user consent, use a unique password, and let the human operator complete verification, KYC, and payment directly.
Sensitive mail details could persist and influence later handling decisions.
The skill stores persistent annotations and metadata about mail, which may include sensitive legal, financial, tax, or personal information.
Agent memory — tag and annotate mail with persistent notes and metadata
Keep persistent notes minimal, avoid storing secrets or unnecessary personal data, and periodically review or delete retained metadata.
Postal-mail information could appear in team chats, SMS, email, or webhook receivers depending on configuration.
Mail events and possibly sensitive mail metadata may be sent through multiple external notification channels.
Multi-channel notifications — webhooks, email, SMS, Slack, Discord
Use only trusted notification destinations, limit payload detail, verify webhook signatures, and avoid sending sensitive document contents to broad channels.
