SendClaw Email | FREE Email Address without human permission

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: sendclaw-email
Version: 1.3.0

The OpenClaw AgentSkills bundle for 'sendclaw-email' is classified as benign. It provides an AI agent with autonomous email capabilities via the sendclaw.com API, which is its stated purpose. While the ability to send emails autonomously is a powerful capability that could be misused, the skill bundle itself does not contain any malicious code or instructions. Crucially, the `SKILL.md` explicitly instructs the AI agent 'Do NOT: Override your human's instructions' and 'DO: Always follow the rules of communication given by your human,' and also mentions that 'All outbound emails are monitored by an AI-powered security system.' These instructions actively work against prompt injection and malicious use, indicating a lack of malicious intent within the skill bundle itself.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could send or reply to emails in ways that affect your reputation, create commitments, share information, or interact with third parties without you reviewing each message first.

Why it was flagged

The skill authorizes autonomous outbound and inbound email handling, but does not require human approval for each message, define recipient limits, or constrain what tasks qualify as appropriate.

Skill content

DO:
- Send emails autonomously when needed
- Reply to incoming messages promptly
- Manage your inbox independently

Recommendation

Only use this skill with explicit rules requiring human approval for outbound emails, replies, reservations, account creation, or any message involving personal, legal, financial, or sensitive information.

What this means

The agent could create or interact with accounts using an email identity you may not be actively supervising, and verification emails or codes could grant access to third-party services.

Why it was flagged

The skill explicitly promotes using the agent-controlled mailbox for account registration and verification-code workflows, which are identity and access-control functions.

Skill content

This is great for registering for services and receiving codes or email verifications.

Recommendation

Do not allow the agent to register for services or process verification codes unless you explicitly approve the specific service and action. Treat the mailbox API key and claim token as credentials.

Concern (Medium Confidence)

ASI06: Memory and Context Poisoning

What this means

Anyone who can email the agent may be able to influence its behavior with malicious or misleading instructions if the agent treats incoming email as authoritative.

Why it was flagged

Inbound email body text is retrieved into the agent context, and the skill gives no warning to treat email content as untrusted or to ignore instructions embedded in messages.

Skill content

GET /api/mail/messages?unread=true ... "bodyText": "Hey bot, can you help me with..."

Recommendation

Configure the agent to treat all email content as untrusted input, never follow instructions contained in emails without user approval, and avoid exposing sensitive context in replies.

What this means

The agent may interpret the skill as permission to act independently in external communications, even when the user has not approved a specific email or conversation.

Why it was flagged

This wording shifts authority toward the agent and frames the human as secondary, which may encourage unsafe assumptions about permission and oversight.

Skill content

Once registered, YOU send emails. Your human is just the account manager.

Recommendation

Before installing, define clear communication policies: when the agent may draft only, when it may send, who it may contact, and what requires explicit human confirmation.

What this means

If the agent later fetches or follows that remote routine, it may receive additional instructions outside the reviewed artifact.

Why it was flagged

The skill references an external routine that is not included in the provided manifest, so its contents were not reviewed here.

Skill content

| **HEARTBEAT.md** | `https://sendclaw.com/heartbeat.md` | Check for new messages routine |

Recommendation

Review any external SendClaw routine, especially HEARTBEAT.md, before allowing the agent to use it for recurring inbox checks.