Security audit
ClawMail
Security checks across malware telemetry and agentic risk
Overview
ClawMail is a coherent email API skill, but it enables an agent to send external emails autonomously without documented confirmation or recipient limits.
Install only if you intentionally want an agent to have its own email identity and the ability to send mail. Configure human approval, recipient restrictions, and monitoring before allowing autonomous sends, and protect the ClawMail API key like a password.
VirusTotal
50/50 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
