ClawHub

MailCheck Email Verification

v1.1.0

Email verification skill for MailCheck API - verify emails, bulk processing, authenticity analysis

0· 298·0 current·0 all-time
by@bnuyts
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, README, SKILL.md, package.json, and index.js all describe an email verification integration with api.mailcheck.dev and the code performs the described POSTs to /v1/verify, /v1/verify/bulk, and /v1/verify/auth. Functionality matches the stated purpose.
Instruction Scope
Runtime instructions only call the MailCheck API endpoints and accept parameters (email(s), headers, trusted_domains, api_key). They do not instruct the agent to read unrelated files, system credentials, or to call external endpoints other than api.mailcheck.dev.
Install Mechanism
There is no install spec (instruction-only in registry), but the package includes index.js and package.json — i.e., code will run on the agent platform. No external downloads or opaque installers are used. This is reasonable but the absence of an install spec should be noted by users who expect instruction-only skills.
!
Credentials
SKILL.md and index.js expect a MAILCHECK_API_KEY env var or an api_key parameter, but the registry metadata lists no required environment variables or primary credential. The skill legitimately needs an API key to function, so the metadata omission is an incoherence and could lead to confusion or accidental key exposure (examples show inline keys).
Persistence & Privilege
Skill is not marked always:true, does not request system-level config paths, and does not modify other skills. It runs as a normal (user-invocable / agent-invokable) skill.
What to consider before installing
This skill appears to implement exactly what it says: it sends supplied emails/headers to api.mailcheck.dev and requires a MailCheck API key. However, the registry metadata does not declare that MAILCHECK_API_KEY is required — the SKILL.md and code do. Before installing: (1) treat your API key as a secret — prefer setting MAILCHECK_API_KEY in your agent's secure environment rather than pasting keys into command arguments or examples; (2) consider creating a dedicated MailCheck key with minimal scope and rotate/revoke it if exposed; (3) review the published GitHub repo (https://github.com/bnuyts/mailcheck-skill) to confirm authorship and any updates; (4) be aware that sending full email headers can include PII and authentication artifacts (SPF/DKIM/Message-IDs) — only send what you need; (5) ask the publisher or registry to correct the metadata to declare MAILCHECK_API_KEY as a required env var so the permission model is accurate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ey4p2m2zbx26abb396chm5d821kff

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments