Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Se Gmail Monitor

v1.0.0

Monitor and manage Gmail accounts for Your Agency Name. Use when checking emails, sending emails, scanning for urgent messages, or performing email triage. S...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name and description match the code (IMAP/SMTP email monitoring and sending). However, the skill metadata declares no required config or credentials, while the included script requires a JSON config containing account emails and app_passwords. That omission is disproportionate to the stated purpose and misleading for users.
Instruction Scope
SKILL.md instructs use of a config at ~/.openclaw/workspace/.gmail-config.json and promises confirmation before sending, but the bundled script hard-codes a different absolute path (/Users/your-agent/.openclaw/workspace/.gmail-config.json) and will send immediately when invoked. The runtime instructions and code disagree about config path and user confirmation, increasing risk of accidental credential use or unintended sends.
Install Mechanism
There is no install spec (instruction-only style) and no downloaded dependencies; the risk from installation is low. Note: a Python script is included and would be executed by the agent when invoked.
Credentials
Registry metadata lists no required env vars or config paths, but the script loads a JSON file containing account emails and app_passwords. This is a mismatch: secret credentials are required in practice but not declared. Also account keys referenced in the code ('boris', 'info') are inconsistent with SKILL.md's account table, increasing the chance of misconfiguration or exposing credentials to the wrong account.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide changes. Autonomous invocation is allowed (platform default) — combine that with the credential/config omissions above before enabling autonomous use.
What to consider before installing
This skill will access a local JSON config containing email addresses and app_passwords and can send emails. Before installing:
1) Do not assume no credentials are needed. Verify where your .gmail-config.json must live and what it contains.
2) Fix the hard-coded path in the script (it uses /Users/your-agent/..., while SKILL.md points to ~/.openclaw/...), or place the config at the exact expected location.
3) Confirm the config keys (account names like 'boris' vs 'agent' vs 'info') match what the script expects.
4) Ensure the agent always asks for explicit user confirmation before sending (the script currently sends immediately when invoked).
5) Run the script in a sandbox, or inspect and modify it to remove hard-coded paths and to require explicit confirmation prompts.
6) Limit which credentials you store in the config (use an app-specific password with minimal scope) and restrict this skill's autonomous invocation until you have validated its behavior.
These inconsistencies are suspicious but not definitive proof of malicious intent. Correct the mismatches and re-evaluate before granting broad permissions.


latest: vk97bnfwwstxdx679ks2nvz89cd83m5td
