da-fu-da-gui
Warn
Audited by ClawScan on May 10, 2026.
Overview
This email auto-reply skill is purpose-aligned, but it asks for mailbox authorization and background automatic sending without clear scope, approval, or retention controls.
Review carefully before installing. Only authorize this skill if you are comfortable granting mailbox access and automatic sending rights, and look for clear controls for approval, allowed senders, pausing, revocation, and deletion of stored reply history.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill could gain the ability to read mail and send messages from the user's email account if authorized.
The skill requires delegated access to the user's mailbox, but the provided registry requirements list no primary credential and the artifacts do not define the mailbox scopes or permissions.
Go to the skill settings, then authorize and bind your email account.
Require explicit disclosure of providers, OAuth scopes, read/send permissions, account limits, and a way to revoke access before installation.
Incorrect templates or trigger logic could send unintended emails to customers, coworkers, or personal contacts.
The skill performs high-impact account actions automatically, but the artifacts do not state that users review each outgoing reply or define limits on when replies are sent.
Detects new emails in real time and automatically sends replies
Add clear controls such as dry-run mode, per-message approval, allowed sender/domain rules, rate limits, and easy disabling.
The skill may continue monitoring and replying after setup, increasing the chance of ongoing unintended actions.
The skill describes persistent background operation, but does not specify stop conditions, status visibility, or how the user can pause/disable the automation.
Save the settings, and the skill automatically starts working in the background.
Provide visible runtime status, pause/stop controls, schedule controls, and clear documentation of what continues running in the background.
Reply history could contain sensitive sender, subject, or timing information.
Recording reply history is purpose-aligned, but the artifacts do not describe what email metadata is stored, how long it is retained, or how users can delete it.
Automatically records the history of replies already sent, to prevent duplicate sending
Disclose stored fields, retention period, storage location, and provide a deletion/reset option.
