Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proton Bridge Email

v1.0.0

Send email through Proton Mail Bridge (localhost SMTP) using age-encrypted credentials. Use when setting up Proton Bridge for an agent mailbox, encrypting Bridge credentials (no 1Password), or sending automated emails (daily reports, alerts) via Proton Bridge.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to send mail via Proton Bridge using age-encrypted credentials and the code does exactly that, but the registry metadata lists no required binaries or config paths even though the runtime requires the 'age' binary and specific secret file locations (~/clawd/secrets/proton.env.age and ~/.config/age/keys.txt). The missing declarations are a mismatch between purpose and requested/assumed capabilities.
Instruction Scope
SKILL.md and scripts are narrowly scoped to: encrypt a plaintext env file with age and run a Python script that decrypts that file and sends mail to localhost SMTP. The scripts read the encrypted file and the user's age private key. The sender script intentionally allows self-signed/local certs (ssl._create_unverified_context) to accommodate Bridge on localhost — this is expected but reduces TLS verification and is worth noting.
Install Mechanism
There is no install spec (instruction-only plus two helper scripts). Nothing is downloaded or written by an install step; risk from install-time arbitrary code is low. The presence of code files means the scripts will run on the host when invoked.
Credentials
The skill does not declare any required environment variables or config paths, yet it requires access to specific local secret files (~/clawd/secrets/proton.env.age and ~/.config/age/keys.txt) and the 'age' binary. Requesting access to a user's private age key and decrypted credentials is proportionate to the stated function, but the omission from declared requirements is an incoherence and increases the chance a user will be surprised by what the skill accesses.
Persistence & Privilege
The skill is not set to always: true and does not request elevated or persistent system-wide privileges. It does run subprocess('age') and Python code at invocation, but it does not modify other skills or system configurations.
What to consider before installing
This skill appears to implement what it claims (encrypt an env file with age and send mail through local Proton Bridge), but the package metadata omits key runtime requirements. Before installing or running:

(1) verify you have the 'age' binary and Python3 available;
(2) confirm you are comfortable the script will read your age private key at ~/.config/age/keys.txt and the encrypted file at ~/clawd/secrets/proton.env.age (these paths are hard-coded);
(3) inspect send_email.py (it calls the 'age' binary via subprocess and creates an unverified SSL context for localhost), and consider running it in an isolated environment or container if you are unsure;
(4) do not store secrets on shared machines and keep file permissions restrictive; and
(5) ask the publisher to update metadata to declare required binaries and config paths so the skill's expected privileges are explicit.
