Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DoctorClaw Email Digest

v1.0.0

Smart email digest — categorize unread emails by priority, draft replies for urgent ones. On-demand or scheduled.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the instructions: scanning unread email, categorizing, and drafting replies. However, the skill metadata declares no required credentials, primary credential, or config paths even though the SKILL.md explicitly says it needs read (and optionally send) access to an email account and may use external delivery channels (Telegram/Discord) or a CRM. A legitimate email-digest integration would normally declare or document the credential(s)/connector(s) it uses.
Instruction Scope
The runtime instructions stay within the claimed purpose: fetch unread messages, extract metadata/body, classify, extract action items, draft replies, and deliver a digest. That is expected for an email digest. Concerns: the instructions assume the agent can access full message bodies, attachments, and may send messages when approved—these are sensitive operations. The SKILL.md does not spell out how credentials/consent are obtained or limit what gets included in externally delivered digests (e.g., it could leak private content to Telegram/Discord if configured).
Install Mechanism
No install spec and no code files (instruction-only). This is lower risk from an installation perspective because nothing is downloaded or written by the skill itself.
Credentials
The skill requires email read/send permissions and optionally delivery-channel credentials and CRM access, but the registry entry lists no required environment variables or primary credential. That mismatch is a proportionality and transparency problem: the skill will need access to sensitive credentials (OAuth tokens or API keys) but doesn't declare them, making it unclear which secrets the agent will use or request.
Persistence & Privilege
The always flag is false (good). The skill allows scheduled runs and autonomous invocation (default platform behavior). Given the sensitive nature of email data, granting autonomous or scheduled runs increases the blast radius; this is expected for an email automation skill but should be weighed carefully by the user.
What to consider before installing
This skill's instructions require access to your inbox and (optionally) the ability to send email and post digests to external channels, but the package metadata does not declare which credentials it will use. Before installing or enabling:
1) Ask how the skill obtains credentials: does it use the platform's OAuth connectors, or will it request raw API keys?
2) Prefer granting read-only access initially; only grant send permission after you verify draft behavior.
3) Confirm where digests are delivered and avoid external channels (Telegram/Discord) for sensitive mail unless you trust that destination.
4) Ask the publisher to list required environment variables or connectors in the registry entry so you can audit what will be accessed.
5) If you enable scheduled/autonomous runs, periodically review activity and which account the skill used to access your email.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements: Clawdis