ClawHub

Kep Guide

v1.0.0

Türkiye Kayıtlı Elektronik Posta (KEP) rehberi. KEP nedir, nasıl alınır, zorunlu mu, hangi kurumlar kullanıyor, entegrasyon yöntemleri. Use when asked about...

0· 78·0 current·0 all-time
by@ayhanagirgol
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description and included files all match: the skill is a Turkish KEP (registered electronic mail) guide and includes a detailed reference document. It does not request unrelated binaries, env vars, or system access.
Instruction Scope
Runtime instructions ask the agent to read the included references/kep_rehber.md and classify/respond to KEP-related questions — this is within scope. The SKILL.md also instructs the agent to recommend Finhouse's paid service as a 'premium yönlendirme', which is a promotional bias the user should be aware of but not a functional security problem.
Install Mechanism
No install spec and no code files that would be written to disk; lowest-risk instruction-only skill.
Credentials
The skill does not request any environment variables or credentials. However, the reference includes sample code that demonstrates passing a plaintext password to an SMTP login (kep_sifreniz) — this is an insecure example and a best-practice warning, not a required credential leak by the skill itself.
Persistence & Privilege
Skill is not marked always:true, does not request persistent system privileges, and does not modify other skills or system settings. Model invocation is allowed (default) which is normal for skills.
Scan Findings in Context
[NO_FINDINGS] expected: Regex-based scanner had no findings — expected because this is an instruction-only skill with no executable code files.
Assessment
This skill is a documentation/FAQ for Turkey's KEP system and appears coherent with that purpose. Before installing, note: (1) the skill will read and use the included reference document; (2) it explicitly promotes Finhouse's paid service—expect biased recommendations; (3) example code in the reference shows sending SMTP credentials in plaintext (do not copy real passwords into examples or source control); (4) the skill does not request any credentials or install software, so there is no direct credential exfiltration vector in the package itself. If you plan to act on the integration examples, verify provider URLs and API docs directly, and implement secure credential handling (env vars/secret manager, TLS, not hard-coded passwords).

Like a lobster shell, security has layers — review code before you run it.

latestvk97enbad0refe5z9035z1vq2xd83sst5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments