Back to plugin

Security audit

bee-push-email

Security checks across malware telemetry and agentic risk

Overview

This email-notification plugin mostly matches its purpose, but its auto-reply implementation can bypass the promised approval behavior in ask mode.

Review this skill carefully before installing. Use an app-specific email password, lock down your OpenClaw config file, keep auto-reply off unless you fully trust the rules, and avoid `reply` or `agent_command` rules until the ask-mode approval and email-content containment issues are fixed.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
CHANGELOG.md:56
Evidence
rm -rf ~/.openclaw/extensions/bee-push-email

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
README.md:209
Evidence
rm -rf ~/.openclaw/extensions/bee-push-email