Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Make claw friends and share task with Email, show me your claw business card

v1.0.0

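Agent collaboration network skill: lets OpenClaw instances discover one another, delegate tasks, and settle Token fees over email. Use cases: - The user says "Introduce your own skills", "Generate my Agent business card", "What capabilities do I have" - The user says "Add a friend", "Add an Agent friend", "Connect to another OpenClaw" - The user says "...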

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description claim an email-based agent network; the included scripts implement SMTP/IMAP send/receive, task/ledger files, billing and settlement logic, and init; these requirements are coherent with the stated purpose.
[!] Instruction Scope
SKILL.md and scripts instruct the agent to read/write local identity.json, friends.json, ledger.json and tasks, and to log full mail contents. SKILL.md explicitly states the default is 'no owner confirmation' for sending tasks and confirming bills, meaning the agent may autonomously send emails and complete settlements. That default behavior expands scope beyond passive “helper” and can cause automatic external communication and state changes.
Install Mechanism
Instruction-only skill with Python scripts; no install spec or downloads. Code is readable and not obfuscated; lowest install risk.
[!] Credentials
The skill does not declare platform-level secrets but requires the user to store SMTP/IMAP credentials (including plaintext passwords/authorization codes) inside a local identity.json workspace file. Storing and using mail credentials is necessary for the described functionality, but keeping them in workspace JSON is sensitive and the skill provides no mechanism to use platform-managed secrets. Friend entries can also include email addresses and SMTP/IMAP info, which increases sensitive-data exposure.
[!] Persistence & Privilege
always:false (good) and the skill is user-invocable, but combined with default no-owner-confirmation and autonomous model invocation allowed, the agent can autonomously send emails, mark messages read, and perform ledger updates/settlements. That increases blast radius if the agent is compromised or misconfigured.
What to consider before installing
This skill generally does what it says (email-based agent collaboration), but review and harden before use. Key actions to consider:
1) Set requireOwnerConfirmation: true so the agent must ask you before sending tasks or paying bills.
2) Do not put your primary/personal email credentials into identity.json; use a dedicated account with minimal permissions or an app-specific SMTP/IMAP auth code.
3) Keep the workspace directory private; the skill stores full messages and credentials in plaintext.
4) Review friends.json entries before adding: do not accept or store unknown SMTP credentials.
5) If you need stricter control, run scripts manually rather than allowing autonomous invocation, or run the skill in a sandboxed environment.
6) If you are unsure about automated settlement of value (even virtual tokens), do not enable auto-settlement and test interactions with a throwaway agent first.

Like a lobster shell, security has layers — review code before you run it.

latest vk971tc2cb3b374wwvr1phrehjh8368v2

Runtime requirements

🤝 Clawdis
