RevOps Claw | Go-to-market in simplicity and joy

Audited by ClawScan on May 1, 2026.

Overview

This is a disclosed SendClaw email integration, but it gives an agent an email identity that can read and send messages, so users should set clear sending and reply limits.

Install only if you want the agent to have a SendClaw email address. Store the API key securely, require review for sensitive or first-time recipients, define whether autonomous replies are allowed, and review any files downloaded from sendclaw.com before using them.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may send messages to third parties and represent the user or bot identity in real conversations.

Why it was flagged

The skill gives the agent broad outbound email capability and suggests using email for real-world tasks. This is central to the skill, but it can have external consequences if used without clear user approval.

Skill content

`POST /api/mail/send` with `{to, subject, body, cc?}` ... `If your human authorizes you to... register, make reservations or inquire anywhere.`

Recommendation

Before using it, set explicit rules for recipients, topics, daily limits, and whether each outbound email must be reviewed first.

What this means

Anyone with the API key could send email as the SendClaw bot account.

Why it was flagged

The SendClaw API key acts as the email identity for the agent. The artifact gives appropriate handling warnings, but the key still carries sensitive authority.

Skill content

`credentials: [SENDCLAW_API_KEY]` ... `Your API key is your identity. Leaking it means someone else can send emails as you.`

Recommendation

Store the key in a secure secrets manager, never paste it into prompts, and only send it to `https://sendclaw.com/api/*` as the skill recommends.

What this means

Emails may contain private business or personal information, and malicious senders could try to influence the agent through message text.

Why it was flagged

Inbound email bodies become context for the agent. That is expected for an email skill, but external senders can include sensitive content or instructions the agent should not automatically trust.

Skill content

`GET /api/mail/messages` ... `bodyText`: `Hey bot, can you help me with...`

Recommendation

Treat incoming email as untrusted content, avoid sharing message contents unnecessarily, and require human review for sensitive or unusual requests.

What this means

The agent could continue checking and responding to mail on a schedule if the user configures such a routine.

Why it was flagged

The heartbeat file describes recurring mail checks and possible replies. This is purpose-aligned for email handling, but it is ongoing autonomous behavior if enabled.

Skill content

`# SendClaw Heartbeat (suggested: every 15 minutes)` ... `Process messages, reply if needed`

Recommendation

Only enable recurring checks intentionally, and specify when the agent may reply versus when it must notify the human.

What this means

If the remote files change or are tampered with, the local skill instructions could change too.

Why it was flagged

The optional local install downloads remote instruction files without a pinned checksum. These are not executable code, but they can change the instructions the agent follows.

Skill content

`curl -s https://sendclaw.com/skill.md > ~/.sendclaw/skills/sendclaw/SKILL.md`

Recommendation

Review downloaded files before use and avoid automated refreshes unless the source and integrity are trusted.