Back to skill

Security audit

ClawMail

Security checks across malware telemetry and agentic risk

Overview

ClawMail is a coherent email API skill, but it enables an agent to send external emails autonomously without documented confirmation or recipient limits.

Install only if you intentionally want an agent to have its own email identity and the ability to send mail. Configure human approval, recipient restrictions, and monitoring before allowing autonomous sends, and protect the ClawMail API key like a password.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.