BotEmail.ai - Free bot email

Result: Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is internally consistent with its stated purpose of creating and reading bot email inboxes, but users should treat the inbox API key, verification codes, optional monitoring, and webhook/MCP integrations as sensitive.

This skill appears safe to install for bot-email testing if you are comfortable using BotEmail.ai as a third-party inbox provider. Protect the generated API key, avoid sharing dashboard links or logs that include keys, confirm before any inbox deletion or heartbeat monitoring, and review the optional MCP server separately before installing it.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent with the BotEmail API key can read messages sent to that bot inbox, including authentication codes.

Why it was flagged

The skill uses a bearer API key to read an inbox that may contain verification or 2FA codes. This is expected for the email-inbox purpose, but the key controls access to sensitive messages.

Skill content
GET https://api.botemail.ai/api/emails/{email}
Authorization: Bearer {apiKey}
Recommendation

Use the skill mainly for test or bot-specific accounts, protect the API key like a password, and avoid routing sensitive personal or production account recovery emails to the bot inbox.

What this means

If the agent uses the delete endpoints incorrectly, emails in the bot inbox could be removed.

Why it was flagged

The documented API includes destructive inbox operations. They are relevant to inbox management, but misuse could remove messages or verification evidence.

Skill content
DELETE /api/emails/{email}/{id}
Delete a specific email.

DELETE /api/emails/{email}
Clear entire inbox.
Recommendation

Require explicit user confirmation before deleting individual emails or clearing an inbox, especially when the inbox is used for account verification.

Severity: Note (High Confidence)
ASI10: Rogue Agents
What this means

If enabled, the agent may continue checking the chosen inbox and notifying about new messages after the initial task.

Why it was flagged

The skill can set up persistent inbox monitoring and local state. It is disclosed and requires user confirmation, so this is a notice rather than a concern.

Skill content
If the user asks to be notified of new emails automatically, ask them to confirm they want this set up and which address to monitor. Then update `HEARTBEAT.md` ... Compares against seen IDs in `memory/heartbeat-state.json`
Recommendation

Only enable heartbeat monitoring for specific inboxes, store credentials securely, and remove the heartbeat entry when monitoring is no longer needed.

What this means

A webhook endpoint could receive sensitive email contents, and an unprotected endpoint may process spoofed or malformed requests.

Why it was flagged

The webhook example receives email contents and processes them immediately. Webhooks are purpose-aligned, but the example does not show origin validation or request authentication.

Skill content
app.post('/webhook/botemail', (req, res) => {
  const email = req.body;
  ...
  processEmail(email);
Recommendation

If using webhooks, authenticate requests, validate payloads, treat email content as untrusted input, and avoid exposing secrets in webhook logs.

What this means

Installing the optional MCP server would introduce external code with its own permissions and risks.

Why it was flagged

The README points to an optional external MCP server and npm install flow that is not included in the submitted artifacts. It is user-directed, not automatic.

Skill content
git clone https://github.com/claw-silhouette/botemail-mcp-server.git
cd botemail-mcp-server
npm install
Recommendation

Review the MCP server repository, dependencies, and configuration before installing it, and only provide it the minimum credentials needed.