Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
quiet-mail
v1.0.0Provide AI agents with unlimited, no-verification email sending via a simple API using your own agent identity on a reliable, free mailcow infrastructure.
⭐ 0· 1.5k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code and documentation implement an email API (agent creation, SMTP send, IMAP read, mailcow integration) which matches the 'quiet-mail' name/purpose. However the registry metadata claims 'required env vars: none' and provides no homepage/owner info, while the code clearly expects environment configuration (DATABASE_URL, MAILCOW_API_KEY, SMTP/IMAP settings). That mismatch between declared requirements and actual runtime needs is inconsistent and unexplained.
Instruction Scope
The SKILL.md instructs agents to call a public HTTPS API (https://api.quiet-mail.com) and shows example usage only — that is narrow and expected. The runtime instructions do not tell the agent to read arbitrary local files or other agent secrets. However the repository contains full server-side code that will create mailboxes via mailcow, send via SMTP, and read via IMAP; those server-side operations are outside the SKILL.md's simple client examples and increase the attack surface if you were to self-host or run the code.
Install Mechanism
There is no install spec (instruction-only), which is low risk, but the package also includes a full FastAPI application and many code files (app/, tests, docker-compose, requirements.txt). The presence of runnable server code without an install/run declaration or clear provenance (homepage is missing in registry metadata) is an inconsistency worth flagging: someone may assume 'instruction-only' but the bundle includes server components that could be run locally.
Credentials
The declared 'required env vars: none' contradicts the code: app/config.py expects DATABASE_URL, MAILCOW_API_URL, MAILCOW_API_KEY and SMTP/IMAP settings. Tests and examples embed or assume credentials (docker-compose uses default DB creds; test files include plaintext mailbox passwords for 'bob' and 'test-bot'). The code stores mailbox passwords and API keys in the database. Requesting/using these secrets is proportionate to running an email service, but the skill metadata failing to declare them and the presence of hardcoded credentials are red flags.
Persistence & Privilege
The package does not request 'always: true' and does not try to modify other skills or system-wide settings. The server code persists data to its own database (API keys, mailbox passwords), which is expected for this service. No unusual platform-privileged behavior was found.
What to consider before installing
This skill contains a full FastAPI email service implementation but the registry metadata falsely claims there are no required environment variables. Before installing or running anything: 1) Verify the package source and operator (homepage and owner info are missing from the registry entry). 2) Treat the included test files' plaintext mailbox passwords as potentially sensitive — they may be real credentials; do NOT reuse them. 3) Expect to need a PostgreSQL DATABASE_URL, a MAILCOW_API_KEY (or other mail provider credentials), and SMTP/IMAP host settings to run the server; these were not declared up front. 4) If you only want the client-side API calls described in SKILL.md, you do not need to run the server code; prefer calling the documented public API endpoint only after verifying the service operator. 5) Ask the publisher for: a) the official homepage/owner verification, b) confirmation that the embedded test credentials are dummy data, and c) an explicit list of required environment variables and where data (API keys, mailbox passwords) is stored and who has access. Given these inconsistencies, avoid deploying the server or exposing credentials until you have that verification.Like a lobster shell, security has layers — review code before you run it.
latestvk97dykbf6e0vm401zgzh9ns5gs80mbf5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.