Email

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: email-skill
Version: 0.1.0

The `email_sender.py` script allows attaching arbitrary files from the local filesystem, which, while necessary for an email attachment skill, creates a significant data exfiltration vulnerability. If a malicious prompt or user input controls the `attachments` list, the OpenClaw agent could be instructed to attach sensitive system files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) and email them to an external, attacker-controlled address. This is a powerful capability that can be abused, classifying it as suspicious due to the potential for exploitation, rather than outright malicious intent within the skill's code itself.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these credentials are exposed or misused, someone could send email from the configured account.

Why it was flagged

The skill asks the user to provide SMTP account credentials or an app password so it can send email as that account. This is expected for an email-sending skill, but it is sensitive authority.

Skill content
"username": "your-email@gmail.com", "password": "your-app-password"
Recommendation

Use a dedicated email account or app password, keep email_config.json out of version control, and rotate the password if it may have been exposed.

What this means

A mistaken recipient or attachment path could send a private file to the wrong person.

Why it was flagged

The implementation reads any user-supplied attachment path and includes that file in the outgoing email. This is purpose-aligned, but the user should review attachments before sending.

Skill content
with open(filepath, 'rb') as f:
    part.set_payload(f.read())
Recommendation

Before sending, verify the recipient list, subject/body, and every attachment path, especially when the agent prepares the command.

What this means

Users may expect broader email-management features that are not present in the reviewed implementation.

Why it was flagged

The registry description advertises read/search/organize functionality, while the reviewed code only implements sending email. This appears to be an overbroad capability claim rather than hidden behavior.

Skill content
Description: Email management and automation. Send, read, search, and organize emails across multiple providers.
Recommendation

Treat this reviewed version as a send-only SMTP helper unless additional reviewed files add mailbox reading or organizing features.