Skill v0.1.0
ClawScan security
gomail · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 7:52 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's purpose (sending mail via the gomail sender CLI) is coherent, but the runtime instructions ask you to download and run a prebuilt binary from the network and to place SMTP credentials in a local config file — actions that increase risk and deserve caution.
- Guidance
- Before installing or running this skill:
  - 1) Treat the SKILL.md download step as installing arbitrary native code: prefer to manually download, verify, and pin a specific release (and check checksums/signatures) rather than following an automated 'latest' redirect.
  - 2) Review the upstream project (craftslab/gomail) and its releases to ensure trustworthiness.
  - 3) Avoid placing high-privilege credentials in repository files; use a secrets manager or ephemeral/test SMTP credentials.
  - 4) When testing, use --dry-run and restrict attachments to non-sensitive test files; consider running the binary in an isolated/test environment or container.
  - 5) If you cannot verify the binary or prefer lower risk, consider integrating with a known SMTP client library or a well-reviewed managed mail API instead of downloading and executing a remote binary.
Review Dimensions
- Purpose & Capability
- ok: Name and description match the instructions: the skill wraps the gomail 'sender' CLI to send mail, attachments, and validate recipients. Requiring a sender binary and a config file with SMTP settings is coherent with this purpose.
- Instruction Scope
- note: The SKILL.md explicitly instructs the agent/operator to download a prebuilt binary (via a GitHub release redirect), extract it, mark it executable, and optionally place it on PATH. It also instructs use of a local JSON config containing SMTP credentials and resolves attachments relative to the working directory (which implies the agent or invoker may read local files). These actions are within the declared goal (sending mail) but broaden the attack surface (remote binary execution, local file access for attachments/config).
- Install Mechanism
- concern: There is no formal install spec, but the SKILL.md instructs downloading and extracting a tarball from a GitHub releases 'latest' redirect and running the contained binary. Downloading and executing remote binaries (even from GitHub releases) without pinning a version, checksum, or signature is a higher-risk pattern and should be treated cautiously.
- Credentials
- note: The skill declares no required env vars and instead relies on a local JSON config file for SMTP credentials. That is proportionate to sending email, but the skill does not declare or protect those secrets and may cause credentials or local files (attachments) to be transmitted over SMTP. No unrelated credentials are requested.
- Persistence & Privilege
- ok: The skill does not request permanent 'always' presence and does not declare changes to other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-privilege requests.
