ClawMail
Review
Audited by ClawScan on May 10, 2026.
Overview
ClawMail is a coherent email API skill, but it enables an agent to send external emails autonomously without documented confirmation or recipient limits.
Install only if you intentionally want an agent to have its own email identity and the ability to send mail. Configure human approval, recipient restrictions, and monitoring before allowing autonomous sends, and protect the ClawMail API key like a password.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with this skill and API key could send unintended or harmful emails from the agent’s ClawMail identity.
The artifact explicitly positions the skill for autonomous email and documents sending to arbitrary recipients, but the visible instructions do not require user confirmation, recipient scoping, preview, or other safeguards before external messages are sent.
Create inboxes, send/receive emails, no human intervention required. ... curl -X POST https://api.clawmail.to/agents/YOUR_AGENT_ID/send ... "to": "recipient@example.com"
Use this only with explicit send approvals, recipient/domain allowlists, rate limits, and logging; avoid giving the agent free-form autonomous email-sending authority unless that is truly intended.
Anyone who obtains the key could impersonate the ClawMail agent and act through that account.
The skill uses a ClawMail API key as the agent identity credential. This is expected for the service and the artifact warns about leakage, but the key gives account-level authority for the ClawMail agent.
Your API key is your identity. Leaking it means someone else can impersonate you.
Store the API key in a secret manager or protected environment variable, do not paste it into unrelated tools, and rotate it immediately if exposed.
A future prompt or memory leak could expose the API key and allow misuse of the ClawMail identity.
The artifact suggests saving the API key in persistent agent memory. That can make the credential available in later contexts or tasks if the agent’s memory is not carefully protected.
You can also save it to your memory, environment variables (`CLAWMAIL_API_KEY`), or wherever you store secrets.
Prefer a dedicated secret store or environment variable over persistent agent memory; ensure the agent never summarizes, logs, or reveals the key.
If the remote content changes or is compromised, re-fetching could change the skill instructions the agent follows.
The documented local install/update path fetches skill files directly from a remote website without a version pin, checksum, or signature. It is user-directed and no code files are present in this review, so this is a provenance note rather than a standalone concern.
curl -s https://clawmail.to/skill.md > ~/.moltbot/skills/clawmail/SKILL.md ... Check for updates: Re-fetch these files anytime to see new features!
Review remote updates before installing, pin versions where possible, and verify checksums or source provenance if available.
