BotEmail.ai - Free bot email
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: bot-email
Version: v1.0.7
The OpenClaw AgentSkills skill bundle for BotEmail.ai appears benign. All files consistently describe and implement functionality for creating and managing bot email addresses via the `https://api.botemail.ai` API. There is no evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints, installation of backdoors, or harmful prompt injection attempts against the agent. The `SKILL.md` explicitly instructs the agent not to store API keys unless the user requests it, and the heartbeat feature is described as notification-only. All network calls and example code target the stated `botemail.ai` service, and local file access is limited to agent-specific state (`memory/heartbeat-state.json`). Optional installation steps for an MCP server are clearly separated and not part of the core agent skill execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with the BotEmail API key can read messages sent to that bot inbox, including authentication codes.
The skill uses a bearer API key to read an inbox that may contain verification or 2FA codes. This is expected for the email-inbox purpose, but the key controls access to sensitive messages.
GET https://api.botemail.ai/api/emails/{email}
Authorization: Bearer {apiKey}
Use the skill mainly for test or bot-specific accounts, protect the API key like a password, and avoid routing sensitive personal or production account recovery emails to the bot inbox.
If the agent uses the delete endpoints incorrectly, emails in the bot inbox could be removed.
The documented API includes destructive inbox operations. They are relevant to inbox management, but misuse could remove messages or verification evidence.
DELETE /api/emails/{email}/{id}
Delete a specific email.
DELETE /api/emails/{email}
Clear entire inbox.
Require explicit user confirmation before deleting individual emails or clearing an inbox, especially when the inbox is used for account verification.
If enabled, the agent may continue checking the chosen inbox and notifying about new messages after the initial task.
The skill can set up persistent inbox monitoring and local state. It is disclosed and requires user confirmation, so this is a notice rather than a concern.
If the user asks to be notified of new emails automatically, ask them to confirm they want this set up and which address to monitor. Then update `HEARTBEAT.md` ... Compares against seen IDs in `memory/heartbeat-state.json`
Only enable heartbeat monitoring for specific inboxes, store credentials securely, and remove the heartbeat entry when monitoring is no longer needed.
A webhook endpoint could receive sensitive email contents, and an unprotected endpoint may process spoofed or malformed requests.
The webhook example receives email contents and processes them immediately. Webhooks are purpose-aligned, but the example does not show origin validation or request authentication.
app.post('/webhook/botemail', (req, res) => {
  const email = req.body;
  ...
  processEmail(email);
If using webhooks, authenticate requests, validate payloads, treat email content as untrusted input, and avoid exposing secrets in webhook logs.
Installing the optional MCP server would introduce external code with its own permissions and risks.
The README points to an optional external MCP server and npm install flow that is not included in the submitted artifacts. It is user-directed, not automatic.
git clone https://github.com/claw-silhouette/botemail-mcp-server.git
cd botemail-mcp-server
npm install
Review the MCP server repository, dependencies, and configuration before installing it, and only provide it the minimum credentials needed.
