Back to skill
Skillv1.5.3
VirusTotal security
Bee Push Email · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMar 24, 2026, 10:06 AM
- Hash
- f527aa5c75df1ddfe7490623f0d82701f553df98913cf5a09a551e1b6cad7309
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: bee-push-email Version: 1.5.3 The bee-push-email skill provides real-time email notifications by maintaining an IMAP IDLE connection and triggering the OpenClaw agent. It performs high-privilege operations including creating a dedicated system user ('imap-watcher'), installing a systemd service, and downloading the 'himalaya' binary from GitHub. While these are high-risk behaviors, they are clearly aligned with the stated purpose, thoroughly documented in SKILL.md and README.md, and include security best practices such as running the background service as a non-root user and setting restrictive file permissions (chmod 600) on configuration files containing credentials. The skill also implements a safety-first 'auto_reply_mode' to prevent the agent from unintentionally responding to senders (e.g., phishing/spam) without explicit user consent.
- External report
- View on VirusTotal