Email Smart Reply (AI-Powered)

What to check before installing or running this skill: 1) Credentials and metadata mismatch: The registry lists no required environment variables, but the code clearly needs IMAP/SMTP credentials, OPENROUTER_API_KEY, and a Discord bot token. Do not provide these secrets until you inspect and trust the code. Update the registry metadata to list required env vars before running in production. 2) Run in dry-run / isolated environment first: Use the provided --dry-run mode and run the integration test in a sandbox or throwaway VM to verify behavior. Dry-run prints embeds instead of sending but still reads .env and local files — run on a machine that does not contain production secrets. 3) Inspect and harden .env and workspace paths: The scripts read a root .env and expect access to $WORKSPACE/skills/imap-smtp-email/ and a vector_store directory. Ensure those paths do not contain unrelated credentials or secrets you don't want this skill to access. Consider running the skill in a dedicated workspace with only the minimal KB and test mailboxes. 4) Child-process and external script execution: kb-retrieval uses execSync to call a python script in vector_store; discord-review uses execFile to invoke an SMTP node script. Confirm the existence and contents of those external scripts (they will execute with your environment and could run arbitrary code). If you cannot verify them, do not run the live pipeline. 5) Missing referenced files: The code attempts to call a scripts/smtp.js (via execFile) and references $WORKSPACE/skills/imap-smtp-email/drafts/ and vector_store/search-customers.py; verify those files exist and are safe. If files are missing it may crash or fall back to other behaviors. 6) Limit service permissions: If you run it, give the process least privilege: a dedicated mailbox account with minimal permissions, a Discord bot with access only to the review channel, and an OpenRouter key with appropriate billing/usage controls. Avoid using admin accounts or shared credentials. 7) Code review checklist: confirm that OpenRouter API key is used only for classification/reply generation, that the skill does not exfiltrate data to unknown endpoints, and that Discord messages are posted only to the configured channel. Check calls to fetch() and child_process usages for unexpected endpoints or command injection vectors. 8) Operational suggestions: Pin dependencies, run static code analysis, and consider wrapping the skill in a supervised service that enforces timeouts and logs network calls. Only enable automatic or cron-driven runs after a successful dry-run audit and after limiting the credentials to a test account.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.