Skill v1.0.5

ClawScan security

Go-To-Market SalesClaw | Plan your outreach campaign · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 10, 2026, 9:09 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior (autonomously creating and using sendclaw.com email accounts and API keys) generally matches its description, but metadata mismatches, an unknown publisher, and broad, open-ended instructions for autonomous email sending warrant caution.
Guidance
This skill will create and use an autonomous @sendclaw.com email address and API key and can send and reply to messages on its own. Before installing:
1) Verify the publisher and the sendclaw.com domain (who runs it, privacy/terms, reputation). The registry metadata and the bundled _meta.json disagree on slug/version — ask the publisher to clarify.
2) Consider limiting or supervising autonomous sending (do not set always:true; prefer manual invocation or require explicit human approval before sending).
3) Expect the agent to store a runtime API key — decide whether to use a disposable account or a separate identity for outreach to limit exposure.
4) Monitor outbound messages for misuse (spam, data leaks, phishing).
5) If you need stronger assurances, request source code, a privacy policy, or documentation from the publisher and confirm the API endpoints are legitimate before trusting automatic claim/verification flows.

Review Dimensions

Purpose & Capability
note
The name and description align with the SKILL.md: it describes registering a bot and using sendclaw.com APIs to send and receive emails. There are no unrelated required binaries or env vars. However, metadata inconsistencies exist (different slugs/versions between the registry metadata, the SKILL.md header, and _meta.json), and the skill declares 'homepage: none' while the SKILL.md points to https://sendclaw.com; these mismatches reduce confidence in provenance.
Instruction Scope
concern
The SKILL.md explicitly instructs the agent to register, store an API key, send and reply to emails, check inboxes, and 'manage your inbox independently' — i.e., autonomous outbound emailing with broad discretion. While this matches the stated purpose, the instructions are open-ended ('send emails autonomously when needed'), granting the agent broad authority to contact external recipients. The document also points to external endpoints (sendclaw.com/api) and external resources (skill.md, heartbeat.md URLs) which the agent will contact.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. This is the lowest-risk install model.
Credentials
note
The skill declares no required environment variables or credentials up front. The runtime flow, however, generates an API key at registration and instructs the agent to save it and use X-Api-Key or Authorization headers for all calls — so the agent will handle secrets at runtime. No unrelated credentials are requested, but the agent will hold an API key that enables outbound email sending, which is a sensitive capability.
Persistence & Privilege
ok
always:false (normal). The skill can be invoked autonomously (default behavior), which combined with outbound-email capability increases potential blast radius, but the skill does not request permanent platform-wide privileges or modify other skills' configurations.