claw-mail
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent email-management tool, but it needs Review because it has broad email-account powers and its “TLS always enabled” safety claim conflicts with documented no-TLS options.
Install only if you intend to let the agent access and operate your email accounts. Use trusted credential storage, avoid the no-TLS/no-SSL flags, review outbound messages and batch sends before execution, and test rules/webhooks/heartbeat behavior on a limited account first.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

A user may believe credentials and messages are always protected by TLS, while direct-mode options can disable transport encryption if used.
These documented options conflict with SKILL.md's Security claim that all IMAP/SMTP connections enforce TLS 1.2+ and certificate validation is always enabled.
`--imap-no-ssl` ... Disable SSL; `--smtp-no-tls` ... Disable TLS
Do not use the no-SSL/no-TLS flags unless you fully understand the risk; update the skill documentation to remove the “always enabled” claim or clearly mark these options as unsafe/debug-only.

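As an added illustration (not code from the skill or from ClawScan), this Python snippet shows what the "TLS always enabled" claim would look like when actually enforced in the connection code, alongside a pre-flight check that refuses the documented no-TLS flags; the host names and the argv sample are constructed.

```python
import imaplib
import smtplib
import ssl

# Flags the skill documents that turn transport encryption off (quoted in the finding above).
UNSAFE_TRANSPORT_FLAGS = {"--imap-no-ssl", "--smtp-no-tls"}


def unsafe_transport_flags(argv):
    """Return the TLS-disabling flags present in a command line, in order of appearance."""
    return [arg for arg in argv if arg in UNSAFE_TRANSPORT_FLAGS]


def strict_tls_context():
    """SSLContext matching the SKILL.md claim: TLS 1.2+ with certificate validation."""
    ctx = ssl.create_default_context()  # loads system CAs, CERT_REQUIRED, check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse downgrade to TLS 1.0/1.1
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_strict(ctx):
    """True only if the context cannot negotiate below TLS 1.2 and validates the peer cert."""
    return (ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
            and ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname)


def open_imap(host, port=993):
    """Implicit TLS on port 993; there is no cleartext fallback path."""
    return imaplib.IMAP4_SSL(host, port, ssl_context=strict_tls_context())


def open_smtp(host, port=587):
    """STARTTLS on port 587; abort rather than continue in cleartext if the upgrade is unavailable."""
    smtp = smtplib.SMTP(host, port, timeout=30)
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        smtp.close()
        raise RuntimeError("server does not offer STARTTLS; refusing cleartext session")
    smtp.starttls(context=strict_tls_context())
    smtp.ehlo()  # re-identify over the encrypted channel before AUTH
    return smtp


if __name__ == "__main__":
    # Constructed command line, as the agent might assemble it for send_mail.py.
    argv = ["send_mail.py", "--smtp-no-tls", "--to", "someone@example.com"]
    print("refusing, unsafe flags:", unsafe_transport_flags(argv))
```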
If invoked incorrectly, the agent could send messages, forward email, or change mailbox organization.
The skill intentionally exposes high-impact email actions, including external sends, forwards, batch sends, and mailbox/folder mutations.
`send_mail.py` | Send rich HTML emails via SMTP ... `forward_mail.py` | Forward an email ... `manage_folders.py` | List, create, delete, rename, and move IMAP folders ... `mail_merge.py` | Batch personalised sends
Use it only with explicit user intent, review recipients/content before sending, and avoid folder deletion or bulk operations unless you have backups or recovery options.

Configured accounts can be read from and acted on using stored credentials.
The skill uses email account credentials and local credential stores, which is expected for IMAP/SMTP access but gives the agent delegated account authority.
Passwords in config support 1Password CLI (`op://vault/item/field`), macOS Keychain (`keychain://service/account`), and environment variables (`env://VAR_NAME`).
Use least-privilege mail credentials where possible, scope configs to intended accounts, and prefer credential-manager or env references over raw password CLI arguments.

Email subjects, senders, message IDs, and rule/tag metadata may be shared with third-party webhook endpoints.
Rule processing can send email metadata to a configured external webhook URL.
`webhook_url: "https://..."` ... The webhook POSTs a JSON payload with `event`, `message_id`, `subject`, `sender`, `matched_rules`, and `tags` fields.
Only configure trusted webhook URLs, avoid sending sensitive mailbox metadata to broad/shared endpoints, and document what data is posted.

A message that failed earlier may be sent later, potentially after the user has moved on from the original task.
The Outbox retry mechanism can persist failed sends and later deliver them when retry/heartbeat behavior is invoked.
Retry sending messages sitting in the IMAP Outbox folder ... If a send fails, the message remains in the Outbox ... this script drains the Outbox
List the Outbox before draining it, and keep heartbeat/retry automation disabled unless delayed delivery is desired.

Users have less provenance information and may need to resolve dependencies manually.
The registry metadata does not identify an upstream source or declare runtime dependencies, while SKILL.md separately says Python 3.11+ and PyYAML are needed.
Source: unknown; Homepage: none; Install specifications: No install spec; Required binaries ... none
Review the included scripts before use and prefer a version with declared source, dependency, and credential requirements.
