Save To Email
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill transparently sends user-requested email through Resend, but it will use your Resend credentials to send real outbound messages.
Install this only if you want the agent to send emails through your Resend account. Keep the .env file private and trusted, use a dedicated API key if possible, and confirm the recipient and message contents before sending.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong recipient or content, it will send a real email from the configured sender.
The script performs the intended outbound email send through the Resend API.
-X POST "https://api.resend.com/emails" ... --data-binary "${PAYLOAD}"Use it only for user-requested sends and review the recipient, subject, and body before running the command.
Anyone or any agent that can run the skill with this environment can send email through the configured Resend account.
The script uses the user's Resend API key to authenticate and send email.
-H "Authorization: Bearer ${RESEND_API_KEY}"Use a dedicated, rotatable Resend key with the least privileges available, keep it out of source control, and revoke it if it is exposed.
A malicious or accidentally edited .env file could execute shell commands when the script starts.
The script sources the local .env file as shell code to load configuration.
if [ -f "${ROOT_DIR}/.env" ]; then ... . "${ROOT_DIR}/.env"Keep the .env file private and trusted, and put only simple RESEND_API_KEY and RESEND_FROM assignments in it.
Reports or private content placed in the email body will leave the local session and be sent to Resend and the recipient.
The email body and recipient are included in the payload sent to Resend for delivery.
"html": html ... "to": [recipient]
Do not include sensitive information unless the recipient and delivery path are intended and appropriate.