Ztpc Spam Sweep

Warn: Audited by ClawScan on May 10, 2026.

Overview

This skill is purpose-aligned for mailbox spam cleanup, but it bundles a plaintext email password and uses persistent browser/session access to make account changes.

Do not install or run this skill with the bundled secret. Rotate the exposed mailbox password, remove secrets.json from the package, use a dedicated browser profile, and test with dry_run=true before allowing the skill to mark mail as spam.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The enterprise mailbox password may already be exposed, and installing or running the skill gives the agent access to that mailbox.

Why it was flagged

A real-looking mailbox username and plaintext password are bundled with the skill package, giving the skill direct account access and potentially exposing the credential to anyone who can view or install the artifact.

Skill content

{"username":"ztpc@ztpc.com","password":"[REDACTED]"}

Recommendation

Do not use the bundled password. Rotate the mailbox password immediately, remove secrets from the skill package, and provide credentials only through a secure local credential mechanism.

What this means

A user could think the skill does not need credentials, while it actually depends on mailbox login secrets.

Why it was flagged

The registry metadata says no primary credential is required, while SKILL.md requires secrets.json and the manifest includes one. This under-discloses sensitive account access to users reviewing the install metadata.

Skill content

Primary credential: none

Recommendation

Update metadata to accurately declare credential requirements and avoid distributing any credential file with the skill.

What this means

The agent may retain logged-in mailbox access across runs, increasing the impact if the profile or automation is misused.

Why it was flagged

The skill requires a persistent browser profile rather than an isolated session, which can preserve mailbox authentication state and may include broader browser session data.

Skill content

Always reuse the SAME persistent browser profile ... Do NOT use a temporary/clean profile.

Recommendation

Use a dedicated browser profile limited to this mailbox, avoid sharing it with other services, and clear or rotate sessions if the skill is no longer needed.

What this means

Future runs may access the mailbox with fewer verification prompts.

Why it was flagged

Marking the device as trusted is disclosed and related to 2FA handling, but it reduces future login friction and extends trust for automated access.

Skill content

tick "trusted device" if available to reduce future prompts

Recommendation

Only enable trusted-device behavior on a controlled machine and revoke trusted sessions if access should be reset.

What this means

Legitimate unread emails could be moved to the spam folder if the heuristic misclassifies them.

Why it was flagged

The mailbox mutation is purpose-aligned and bounded, but the default behavior is to move selected unread emails to spam without per-message confirmation.

Skill content

"dry_run" (default: "false") ... mark decided SPAM emails as spam

Recommendation

Run with dry_run=true first, keep the max limit low, maintain the allowlist, and review results before allowing automatic marking.