ClawHub

DropMail – disposable email manager

v1.0.1

Manage disposable email addresses using GuerrillaMail. Use when a user wants to create a temporary/throwaway email address, check a disposable inbox for mess...

1· 45·0 current·0 all-time
byNikolay@cprite
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (disposable email via GuerrillaMail) align with the included script and API reference. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md tells the agent to symlink/run the included CLI and describes local storage at ~/.dropmail; the runtime instructions and code focus on API calls, caching, and session handling only. Note: the skill persists PHPSESSID cookies and cached messages to disk (sessions.json and SQLite DB).
Install Mechanism
No install spec — the package is instruction + a single Python script. Nothing is downloaded from arbitrary URLs. The script will be placed on disk when the skill is installed, which is expected for a CLI tool.
Credentials
The skill requests no environment variables or external credentials (appropriate). However, it stores session cookies (PHPSESSID) locally which are sensitive for the GuerrillaMail sessions and should be protected/cleared when not needed.
Persistence & Privilege
always is false; the skill writes files only under the user's home directory (~/.dropmail) which is proportionate for a local CLI tool. It does not request system-wide privileges or modify other skills.
Assessment
This skill appears to do what it says: create and manage GuerrillaMail disposable addresses and cache messages locally. Before installing, review the full scripts (the provided listing was truncated in the report) and consider: 1) sessions.json stores PHPSESSID tokens — treat that file as sensitive and ensure ~/.dropmail has restrictive permissions; 2) the script falls back to an unverified SSL context if the certifi package is missing, which can make API calls vulnerable to MITM on some systems — install certifi or verify TLS behavior; 3) remove cached data (dropmail remove and delete ~/.dropmail) when you no longer need the addresses. If you cannot review the full file, or you need stronger guarantees about TLS and data handling, consider not installing or running the script in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk978haf3rpw9wy5qegfhsjm38d84t8hj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments