Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proton Mail

v1.0.1

Manage ProtonMail emails via Playwright browser automation. Login, read, send, and manage your encrypted inbox.

by Christopher (@christopher-schulze)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's declared purpose (automating ProtonMail via Playwright) aligns with the required binaries (node, playwright) and the runtime instructions. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md repeatedly instructs the agent to use PROTON_EMAIL and PROTON_PASSWORD. This mismatch is a manifest error: secrets the skill depends on should be declared in the skill manifest so users can see them before installing. The skill owner/source is unknown, which reduces trust.
Instruction Scope (flagged)
The SKILL.md instructs the agent to perform full browser automation, including logging in, reading, and sending encrypted email, which is expected. But it also explicitly includes bot-detection evasion code (overriding navigator.webdriver and disabling automation-related Chromium features). That behavior goes beyond normal automation guidance, may violate the site's terms of service, and is the kind of code that can be repurposed for abuse. The instructions also tell users to store credentials in environment variables but say nothing about secure handling, and the manifest does not declare those env vars.
Install Mechanism
There is no centralized install spec in the registry (the skill is instruction-only), but the SKILL.md tells users to install Playwright via npm and run `npx playwright install chromium`. Those are standard installer paths with no third-party download URLs. Still, the Chromium install downloads browser binaries at runtime, and the skill depends on npx-driven installs plus a running browser, so inspect every command before executing it in a production environment.
Credentials (flagged)
The skill requires the user's ProtonMail credentials (email and password) to function, which is reasonable for UI automation, but the manifest does not declare any required env vars or primary credential. Requiring highly sensitive credentials without declaring them in the registry metadata, and without guidance on secure storage or least privilege, is a proportionality and transparency issue. The skill also asks users to run Chromium with sandboxing disabled (--no-sandbox), which increases host risk on shared systems.
Persistence & Privilege
The skill is not marked always:true and does not request special platform persistence. It is user-invocable and allows autonomous model invocation (the platform default). The skill does not request or attempt to modify other skills or system-wide agent settings in the provided instructions.
What to consider before installing
This skill appears to do what it says (browser automation for ProtonMail), but exercise caution before installing or running it. Items to consider:
1) Manifest mismatch: the SKILL.md asks you to supply PROTON_EMAIL and PROTON_PASSWORD, but the registry metadata does not declare these as required credentials. Ask the publisher to correct the manifest so you know which secrets will be used.
2) Bot-evasion code: the instructions explicitly disable automation detection and recommend disabling the Chromium sandbox. This can violate ProtonMail's terms and raises operational and security risks, especially the --no-sandbox flag on multi-user hosts.
3) Credential safety: only run this in a trusted, isolated environment (not on shared servers), and prefer ephemeral accounts or Proton-approved methods (Bridge/API) if available.
4) Source verification: the skill's source is unknown; verify the author/publisher and review the exact code you will run.
5) If you decide to run it: avoid --no-sandbox on production or shared machines, inject the environment variables securely, and run it inside a locked-down container or VM after manual review.
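Two of the findings above (undeclared credentials and bot-evasion or sandbox flags) are mechanical enough to check before installing. The script below is an added example written for this page; it is not part of the ClawHub scan, the page, or the Proton Mail skill. It takes the text of a SKILL.md (or any script the skill ships) plus the skill manifest, lists environment variables the instructions reference but the manifest never declares, and flags the evasion and sandbox patterns the report describes. The SKILL.md excerpt and manifest it runs on are constructed for the example, as is the `env` field assumed on the manifest; substitute the real files when auditing an actual skill.

```javascript
// Pre-install audit for an agent skill: manifest vs. instructions.
// Added example, not code from the page or the skill. The sample manifest,
// sample SKILL.md text, and the manifest's `env` field are constructed here.

const SAMPLE_MANIFEST = {
  name: "proton-mail",          // constructed
  bins: ["node", "playwright"], // matches the page's "Bins" line
  env: [],                      // nothing declared, as the scan report notes
};

// Constructed SKILL.md excerpt that exhibits every pattern the report mentions.
const SAMPLE_SKILL_MD = `
Set PROTON_EMAIL and PROTON_PASSWORD in your environment, then run:
  await page.fill('#username', process.env.PROTON_EMAIL);
  await page.fill('#password', process.env.PROTON_PASSWORD);
  await context.addInitScript(() => {
    Object.defineProperty(navigator, 'webdriver', { get: () => undefined });
  });
  chromium.launch({ args: ['--no-sandbox', '--disable-blink-features=AutomationControlled'] });
`;

// Patterns that should send a skill to manual review, with the reason each one matters.
const RISKY_PATTERNS = [
  {
    id: "webdriver-override",
    re: /defineProperty\s*\(\s*navigator\s*,\s*['"]webdriver['"]/,
    why: "overrides navigator.webdriver (bot-detection evasion)",
  },
  {
    id: "automation-controlled",
    re: /--disable-blink-features=AutomationControlled/,
    why: "hides Chromium's automation signal (bot-detection evasion)",
  },
  {
    id: "no-sandbox",
    re: /--no-sandbox\b/,
    why: "disables the Chromium sandbox (host risk on shared machines)",
  },
];

// Environment variables the instructions read: process.env.NAME,
// process.env["NAME"], or shell-style $NAME / ${NAME}.
function referencedEnvVars(text) {
  const names = new Set();
  const forms = [
    /process\.env\.([A-Z_][A-Z0-9_]*)/g,
    /process\.env\[['"]([A-Z_][A-Z0-9_]*)['"]\]/g,
    /\$\{?([A-Z_][A-Z0-9_]{2,})\}?/g,
  ];
  for (const re of forms) {
    for (const m of text.matchAll(re)) names.add(m[1]);
  }
  return names;
}

// Referenced but not declared in the manifest: the "manifest mismatch" finding.
function undeclaredEnvVars(skillText, manifest) {
  const declared = new Set(manifest.env || []);
  return [...referencedEnvVars(skillText)].filter((n) => !declared.has(n)).sort();
}

// Evasion / sandbox hits: the "instruction scope" finding.
function riskyPatternHits(skillText) {
  return RISKY_PATTERNS.filter((p) => p.re.test(skillText)).map((p) => ({ id: p.id, why: p.why }));
}

// Combine both checks into one verdict a reviewer can act on.
function auditSkill(skillText, manifest) {
  const undeclared = undeclaredEnvVars(skillText, manifest);
  const risky = riskyPatternHits(skillText);
  return {
    undeclared,
    risky,
    verdict: undeclared.length || risky.length ? "review-required" : "clean",
  };
}

console.log(JSON.stringify(auditSkill(SAMPLE_SKILL_MD, SAMPLE_MANIFEST), null, 2));
```

Run it with `node audit.js` against the real SKILL.md contents and manifest. The `$NAME` form will also match shell variables in install snippets, which is intended: a skill that expects `$PROTON_PASSWORD` on the command line has the same disclosure problem as one that reads `process.env.PROTON_PASSWORD`.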


latest: vk972nfbz9zh4rfdjky1r006wfs8186jn


Runtime requirements
📧 Clawdis
Bins: playwright, node
