quiet-mail
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill is coherently an email API, but it exposes hard-coded SMTP passwords and gives agents broad no-verification email-sending power without clear approval or rate boundaries.
Do not use this skill until the published SMTP passwords are removed and rotated. If you still evaluate it, verify the service operator, use a dedicated quiet-mail identity, protect the generated API key, require explicit approval before sending emails, and do not let inbound email content control the agent.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the skill package may be able to authenticate as that mailbox and send mail under that identity if the credential is still valid.
A packaged test script contains a specific SMTP username and password for an existing mailbox rather than using an environment variable or mock secret.
username="bob@quiet-mail.com", password="TG4IqhvLyXXO..."
Remove the credential from the package, rotate the mailbox password immediately, and require all tests to read secrets from local environment variables or a secret manager.
This exposes mailbox-level authority beyond what a normal user should receive from an email-sending skill.
A second packaged test script includes another concrete SMTP account password for quiet-mail infrastructure.
username="test-bot@quiet-mail.com", password="LxTWbNgAHxY9..."
Remove and rotate this credential as well, and add secret scanning to prevent live credentials from being published.
An autonomous agent could send unwanted, mistaken, or abusive email at scale, creating recipient harm and reputational or policy risk for the user and service.
The documented workflow lets an agent create an email identity without prior authentication and use it for broadly unlimited outbound email.
"Simple, unlimited email for AI agents. No verification required"; "Create Agent" / "No authentication required"; "No daily sending limit"
Require explicit user approval before each send or campaign, document acceptable-use limits, implement enforceable rate limits, and scope allowed recipients/use cases.
Inbox messages may contain secrets, verification links, or malicious instructions that an AI agent could over-trust if treated as authoritative context.
The backend can retrieve full mailbox contents and return email bodies to the agent.
await imap.login(current_agent.email, current_agent.mailbox_password) ... bodyText=body_text, bodyHtml=body_html if body_html else None
Protect the quiet-mail API key like full mailbox access, avoid exposing sensitive inboxes, and instruct agents to treat email content as untrusted data rather than commands.
Users have less registry-level provenance information for deciding whether to trust the external email service.
The registry metadata does not provide a source or homepage even though the skill directs agents to a hosted external email API.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify the service operator and domain independently before using it, and prefer a registry entry with a declared source and homepage.