Skill v1.1.0
ClawScan security
Email Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 7:53 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are consistent with a multi-email inbox reader / analyzer / calendar extractor; it asks for the expected credentials and does not contain unexplained network endpoints or installers.
- Guidance: This skill appears to do what it says, but review and handle credentials carefully before use:
  1. Use OAuth credentials.json and app passwords as instructed; do not paste real account passwords into shared places.
  2. The Gmail script runs a local OAuth server and will create a token file (token.pickle / token.json); securely store or delete it after use.
  3. Passing passwords on the CLI can expose them in shell history; prefer app passwords and transient input methods.
  4. Inspect the scripts yourself before running and run them in a controlled environment (local machine or isolated container).
  5. If you don't need write actions, note the Gmail client requests modify scope (it can STAR messages); remove/limit the scope if you only need read-only access.
Review Dimensions
- Purpose & Capability (ok): Name/description match the included scripts (Gmail OAuth client, generic IMAP client, mail parser, scheduler). All requested actions (fetching emails, keyword detection, extracting calendar events) are implemented by the provided files and documented in SKILL.md.
- Instruction Scope (note): SKILL.md directs the user to run local scripts and to provide credentials via credentials.json (Gmail) or CLI args (IMAP). Instructions stay within the email/calendar domain. Note: the Gmail flow runs a local OAuth server (run_local_server on port 8080) and scripts read/write local files (credentials.json, token.pickle/token.json, output ICS/JSON).
- Install Mechanism (ok): No install specification or remote downloads are present; this is an instruction + code bundle that runs locally. No archives or external installers are fetched by the skill.
- Credentials (note): The skill requires user email credentials/OAuth JSON and app passwords per the docs, which are appropriate for the functionality. Registry metadata lists no required env vars, but the code expects credential files and CLI-supplied passwords; the absence of declared required credentials in the registry metadata is a minor mismatch users should be aware of. The scripts cache tokens to disk (token.pickle/token.json), which are sensitive.
- Persistence & Privilege (ok): `always` is false and the skill does not request persistent platform privileges. It writes credential/token files locally (normal for OAuth clients) but does not modify other skills or system-wide configs.
