Proton Mail

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill’s Proton Mail purpose is clear, but it explicitly teaches stealth browser automation to bypass bot detection while handling a full email account and sending messages.

Install only if you are comfortable giving an automated browser access to your Proton Mail account. Do not use stealth bot-bypass settings unless you accept the service/account risk, and require manual confirmation before any email is sent.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may operate Proton Mail in a way designed to avoid service protections, increasing account, compliance, and local browser-risk exposure.

Why it was flagged

The skill explicitly advertises bot-detection evasion and disables browser sandboxing, which is beyond ordinary purpose-aligned browser automation and weakens containment.

Skill content

### The Secret Sauce (Bot Detection Bypass) ... '--disable-blink-features=AutomationControlled', '--no-sandbox' ... Object.defineProperty(navigator, 'webdriver', { get: () => undefined });

Recommendation

Avoid stealth/bypass settings; prefer an approved API or visible, user-confirmed browser workflow, and do not run with no-sandbox unless you understand the security tradeoff.

What this means

A mistaken or over-broad instruction could send an unintended email from the user’s account.

Why it was flagged

Sending mail from the user’s account is central to the skill, but it is a high-impact action and the artifact does not specify a confirmation step before sending.

Skill content

### 4. Send Email (Tested & Working) ... // Send with Ctrl+Enter ... await page.keyboard.press('Control+Enter');

Recommendation

Require explicit user confirmation of recipient, subject, body, and attachments before any send action.

What this means

Providing the password gives the browser session broad access to the Proton account, including reading and sending email.

Why it was flagged

The skill uses raw Proton account credentials, which is expected for web login automation but sensitive and under-declared by the registry metadata.

Skill content

export PROTON_EMAIL="your@email.com"
export PROTON_PASSWORD="yourpassword"

Recommendation

Use a dedicated account or least-privileged credential where possible, avoid storing real passwords in shell history, and revoke/change credentials if exposed.

What this means

Installation pulls code/browser binaries from external sources before use.

Why it was flagged

The documented setup downloads Playwright and a browser at install time; this is expected for the skill but depends on external package provenance.

Skill content

Playwright 1.40+ (`npm install playwright`) ... Chromium browser (`npx playwright install chromium`)

Recommendation

Install from trusted package registries, pin versions where practical, and review commands before running them.

What this means

Private email subjects, senders, and message bodies may become visible to the agent session and any logs the workflow creates.

Why it was flagged

The skill extracts inbox metadata and can read message content into the automation context, which may expose private email data to the agent’s working context or logs.

Skill content

const emails = await page.evaluate(() => { ... subject ... sender ... });
console.log(emails);

Recommendation

Limit use to specific messages, avoid processing highly sensitive mail, and do not let email content override user instructions.