React Email Skills

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: react-email-skills
Version: 2.0.0

The skill bundle is a comprehensive and well-structured set of instructions for an AI agent to assist in developing email templates using the React Email framework. It includes detailed documentation on components, styling limitations for email clients, internationalization, and integration with sending services like Resend and Nodemailer. The behavioral guidelines in SKILL.md are focused on maintaining code quality and providing helpful user feedback, with no evidence of malicious intent, data exfiltration, or harmful prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running these commands installs packages and starts a local development server in the user’s environment.

Why it was flagged

The skill instructs users to scaffold and install a Node project using npm/npx, including an unpinned latest package. This is normal for the stated React Email development purpose, but it is still a supply-chain step users should recognize.

Skill content

npx create-email@latest
cd react-email-starter
npm install
npm run dev

Recommendation

Run setup only in a project directory you intend to modify, review the package source if needed, and consider pinning versions for production or regulated environments.

What this means

A provider API key can allow emails to be sent from the user’s account or domain, which may affect account reputation, quotas, or billing.

Why it was flagged

The sending workflow uses provider credentials from environment variables. This is expected for an email-sending integration, and the artifacts do not show hardcoded secrets or credential leakage.

Skill content

const resend = new Resend(process.env.RESEND_API_KEY);

Recommendation

Use scoped provider keys where possible, store them in environment variables or a secret manager, avoid pasting them into generated source files, and rotate keys if exposed.

What this means

If used with real credentials and recipients, the workflow can send actual emails outside the local project.

Why it was flagged

The skill documents using an email-sending tool or SDK to send outbound messages. This is directly aligned with the skill purpose, but sending email is an external action that should remain user-directed.

Skill content

Use Resend MCP send-email tool with:
// - to: recipient@example.com
// - subject: Welcome to Acme
// - html: html
// - text: text

Recommendation

Confirm the recipient list, sender domain, subject, and content before sending; use verified domains and test recipients before production sends.