PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward email-sending helper, but it needs email credentials and can send selected files as attachments.
Use this only with an email account you are comfortable automating. Prefer an app password or dedicated sending account, store email_config.json securely and out of git, and review recipients and attachments before allowing the agent to send.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If these credentials are exposed or misused, someone could send email from the configured account.
The skill asks the user to provide SMTP account credentials or an app password so it can send email as that account. This is expected for an email-sending skill, but it is sensitive authority.
"username": "your-email@gmail.com", "password": "your-app-password"
Use a dedicated email account or app password, keep email_config.json out of version control, and rotate the password if it may have been exposed.
A mistaken recipient or attachment path could send a private file to the wrong person.
The implementation reads any user-supplied attachment path and includes that file in the outgoing email. This is purpose-aligned, but the user should review attachments before sending.
with open(filepath, 'rb') as f:
part.set_payload(f.read())Before sending, verify the recipient list, subject/body, and every attachment path, especially when the agent prepares the command.
Users may expect broader email-management features that are not present in the reviewed implementation.
The registry description advertises read/search/organize functionality, while the reviewed code only implements sending email. This appears to be an overbroad capability claim rather than hidden behavior.
Description: Email management and automation. Send, read, search, and organize emails across multiple providers.
Treat this reviewed version as a send-only SMTP helper unless additional reviewed files add mailbox reading or organizing features.