email-triage
Pass
Audited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-aligned for email triage, but users should notice that it needs IMAP mailbox credentials, sends email previews to a configurable Ollama endpoint, and stores local triage state.
Before installing, confirm you are comfortable giving the skill IMAP access to the selected mailbox. Prefer an app-specific password, keep Ollama local unless you intentionally trust a remote endpoint, and verify the correct script path because the documentation and manifest differ.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured, the skill can read unread messages from the selected mailbox using the supplied IMAP credentials.
The skill requires mailbox credentials to access unread email. This is expected for an IMAP triage tool, but it is sensitive account access that users should deliberately configure.
`IMAP_USER` | ✅ ... `IMAP_PASS` | ✅ | — | IMAP password or app-specific password
Use an app-specific password where possible, limit the mailbox/account scope if your provider supports it, and confirm the registry metadata gap before installation.
Email snippets may be processed by the configured LLM service; if OLLAMA_URL points off-device, email content could leave the local machine.
The classifier sends sender, subject, and a body preview to the configured Ollama API endpoint. The default is localhost, but OLLAMA_URL is configurable.
Email:\nFrom: {sender}\nSubject: {subject}\nPreview: {preview[:300]} ... Request(f"{OLLAMA_URL}/api/generate"
Keep OLLAMA_URL pointed to a trusted local Ollama instance unless you intentionally want to send email previews to another service.
Local triage history may contain email metadata, categories, and reasons that persist across runs.
The skill keeps persistent local state about classified emails and whether they have been surfaced.
`EMAIL_TRIAGE_STATE` (default: `./data/email-triage.json`) — Persistent state file tracking classified emails and surfacing status
Store the state file in a private location, review its contents if email metadata is sensitive, and delete or relocate it when no longer needed.
A crafted email could potentially cause misclassification, such as making spam look urgent or hiding an important message.
Untrusted email content is inserted into the LLM prompt for classification. The prompt asks for JSON only, but malicious email text could still attempt to influence the category or reason.
prompt = f"""Classify this email ... From: {sender}\nSubject: {subject}\nPreview: {preview[:300]}
Treat classifications as triage hints rather than final decisions, especially for security, legal, payment, or account-access emails.
The documented commands may fail or prompt users to look for a file path that is not in the provided manifest.
The documented command path does not match the provided file manifest path, which lists scripts/email-triage.py. This appears to be a packaging or documentation mismatch, not malicious behavior.
python3 scripts/email/email-triage.py scan
Verify the actual script path before running commands; based on the manifest, scripts/email-triage.py appears to be the provided file.
