ClawEmail Admin
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for managing ClawEmail accounts, but it gives an API key authority over Google Workspace accounts and includes destructive account actions.
Install only if you trust ClawEmail and intend this agent to manage these accounts. Treat CLAWEMAIL_API_KEY, returned passwords, and OAuth credentials as secrets, and confirm prefixes carefully before suspending or deleting accounts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with this API key could manage ClawEmail accounts and receive sensitive account setup information.
The skill uses an admin API key and handles account passwords/OAuth setup for Google Workspace accounts, which is expected for the purpose but high-privilege.
All admin endpoints require the header: `-H "X-API-Key: $CLAWEMAIL_API_KEY"` ... Each account comes with full Gmail, Docs, Sheets, Calendar, and Drive access plus OAuth credentials for programmatic use.
Only provide a dedicated ClawEmail API key to agents you trust, avoid logging or sharing returned passwords, and rotate the key if it may have been exposed.
A wrong prefix or misunderstood request could delete a Google Workspace account and its data.
The skill documents a destructive account deletion endpoint. It is purpose-aligned and clearly disclosed, but mistakes or unconfirmed execution could cause data loss.
## Delete Email Permanently deletes the Google Workspace account and all associated data: ```bash curl -s -X DELETE https://clawemail.com/api/emails/PREFIX \
Require explicit user confirmation, verify the exact prefix, and prefer suspend over delete when the user is unsure.
Users have less registry-provided information to verify who operates the service before trusting it with an admin API key.
The registry metadata does not provide a source repository or homepage for independent provenance review, even though the skill depends on an external admin API.
Source: unknown Homepage: none
Verify the ClawEmail service and account ownership through trusted channels before supplying an API key or using billing/signup flows.