Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mediator

v1.0.0

Intercept and filter communications from difficult contacts. Strips emotion, extracts facts, drafts neutral responses. Use when setting up communication filtering for specific contacts, configuring the mediator, or processing intercepted messages. Triggers on "mediator", "intercept messages", "filter communications", "difficult contact", or requests to handle messages from someone the user doesn't want to deal with directly.

by Dylan Turner (@dylntrnr)
MIT-0
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code implements email and iMessage interception, summarization, and drafting as described. However, the default config written by init contains hard-coded Gmail accounts (dylan.turner22@gmail.com, dylan@doxy.me) and the email processor calls an external script at ~/clawd/scripts/gog-read.sh (not included). Those defaults are unexpected for a generic 'mediator' skill and suggest the package was authored for a specific person's environment.
Instruction Scope
Instructions and scripts access local email and iMessage histories, write config/state/log files in ~/.clawdbot, and call an LLM via a local 'llm' CLI. summarize.py sends message content to whichever model/backend the 'llm' CLI is configured to use, so private messages can end up at a remote provider. The SKILL.md mentions a Gmail Pub/Sub real-time flow, but the implementation actually polls via an external gog-read.sh. The skill reads and archives messages (an archive stub exists); that behavior is within purpose but is sensitive, and the code relies on external CLIs/scripts that may have broader access than the skill itself.
Install Mechanism
There is no formal install spec, but the Python scripts auto-install PyYAML at runtime via pip if it is missing. That performs a network install on first run, which may be surprising; otherwise nothing in the bundle downloads arbitrary remote code. The skill does rely on external CLIs (imsg, a local 'llm' CLI, and ~/clawd/scripts/gog-read.sh) which are not provided here.
Credentials
The skill declares no required environment variables or credentials, yet it depends on local tooling and account access (Gmail via gog-read.sh, the imsg CLI, and the 'llm' CLI, which typically requires API keys/config). The hard-coded gmail_accounts default in init is out of place and copies the maintainer's addresses into your config. Notify channels (telegram/slack) are referenced, but no tokens or delivery mechanisms are implemented; the missing wiring and credentials are inconsistent with the promised integrations.
Persistence & Privilege
The skill does not request 'always' privilege, does not modify other skills, and confines files to ~/.clawdbot (config, logs, state). It suggests adding a cron/heartbeat entry (normal for a polling tool). No automatic enabling of other skills or system-wide changes are present.
What to consider before installing
This package mostly does what it says (monitor local mail/iMessage, summarize via an LLM, and log results), but several red flags deserve attention before you run it:

- Hard-coded defaults: The init template includes specific Gmail addresses. Remove or replace these immediately; don't leave someone else's addresses in your config.
- External dependencies: The code calls an external script (~/clawd/scripts/gog-read.sh), the imsg CLI, and an 'llm' CLI. Inspect or replace those tools before use. The skill will only be as safe as those dependencies.
- Data leakage to LLMs: summarize.py invokes an 'llm' CLI which will forward message content to whatever model/backend your local CLI is configured to use. If you care about confidentiality, verify the llm CLI configuration (where API keys point, provider privacy), or modify the code to use an on-device model or to avoid sending full messages.
- Automatic installs: The scripts will pip-install PyYAML at runtime if it is missing. If you prefer controlled installs, install dependencies yourself first.
- Auto-respond risks: The configuration supports an 'auto' respond mode but the code doesn't implement sending responses; enabling auto-response in any integrated system without reviewing behavior would be dangerous. Prefer 'draft' mode and manual review.
- Inspect and sandbox: Before running, read the external gog-read.sh and any 'imsg' or 'llm' CLI you have installed. Run the skill in a limited/sandboxed environment or on a test account to confirm behavior. Consider removing or redacting any example accounts in the init template.

If you want to proceed, verify the external CLIs and where the LLM sends data, remove the hard-coded accounts, and test with non-sensitive data first.
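A mechanical version of the checks above (and of the runtime pip-install point under Install Mechanism) is a small static audit you run over the unpacked skill bundle before installing it: it greps the code and config for hard-coded e-mail addresses, pip invoked from inside scripts, references to tools outside the bundle (~/…/*.sh, imsg, llm), and an 'auto' respond setting. This is an added example written for this page, not code from the Mediator skill or from ClawHub's scanner; the bundle it scans is constructed inline with placeholder addresses, and the file names and the respond_mode key are assumptions, so adjust the patterns to the real bundle.

```python
"""Static pre-install audit of a skill bundle for the red flags listed above.

Added example, not the skill's own code. The sample bundle is constructed
inline; file layout, contents and the respond_mode key are assumptions.
"""
import re
import tempfile
from pathlib import Path

# One check per red flag: (pattern, file suffixes to scan). The matches are
# textual, so a reviewer still confirms each hit by reading the file.
CHECKS = {
    "hardcoded_email": (
        re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
        {".py", ".yaml", ".yml", ".json", ".md"}),
    # 'pip install ...' in a shell string, or ['-m', 'pip', 'install'] in Python
    "runtime_pip_install": (
        re.compile(r"pip3?\s+install|[\"']pip[\"']\s*,\s*[\"']install[\"']"),
        {".py", ".sh"}),
    # scripts under the home directory, or the imsg / llm CLIs
    "external_tool": (
        re.compile(r"~/[\w./-]+\.sh|\b(?:imsg|llm)\b"),
        {".py", ".sh"}),
    # 'respond_mode: auto' (key name assumed) in YAML or an inline template
    "auto_respond": (
        re.compile(r"^\s*respond\w*\s*:\s*[\"']?auto\b"),
        {".yaml", ".yml", ".py"}),
}


def audit_bundle(root: Path) -> dict[str, list[str]]:
    """Return {check_name: ["relative/path:line: matched text", ...]}."""
    findings: dict[str, list[str]] = {name: [] for name in CHECKS}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        lines = path.read_text(errors="replace").splitlines()
        for name, (rx, suffixes) in CHECKS.items():
            if path.suffix not in suffixes:
                continue
            for lineno, line in enumerate(lines, 1):
                for m in rx.finditer(line):
                    findings[name].append(f"{rel}:{lineno}: {m.group(0).strip()}")
    return findings


def blocking_findings(findings: dict[str, list[str]]) -> dict[str, list[str]]:
    """Checks with at least one hit; treat any of these as 'review before install'."""
    return {name: hits for name, hits in findings.items() if hits}


def make_sample_bundle(root: Path) -> Path:
    """Write a constructed bundle that exhibits every flag the report lists.
    Addresses are placeholders, not the maintainer's real ones."""
    files = {
        "scripts/init.py": (
            "# Constructed sample; addresses are placeholders\n"
            "DEFAULT_CONFIG = {\n"
            "    'gmail_accounts': ['maintainer@example.com', 'work@example.org'],\n"
            "}\n"),
        "scripts/summarize.py": (
            "import subprocess, sys\n"
            "try:\n"
            "    import yaml\n"
            "except ImportError:\n"
            "    subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'pyyaml'])\n"
            "def summarize(text):\n"
            "    return subprocess.run(['llm', '-s', 'Extract facts', text], capture_output=True, text=True).stdout\n"),
        "scripts/email_processor.py": (
            "import os, subprocess\n"
            "RAW = subprocess.run(['bash', os.path.expanduser('~/clawd/scripts/gog-read.sh')], capture_output=True, text=True).stdout\n"),
        "config.yaml": "contacts: []\nrespond_mode: auto\n",
        "SKILL.md": "# Mediator\nStrips emotion, extracts facts.\n",
    }
    for rel, body in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    return root


def run_demo() -> dict[str, list[str]]:
    """Audit the constructed bundle and print a FLAG/ok line per check."""
    with tempfile.TemporaryDirectory() as tmp:
        findings = audit_bundle(make_sample_bundle(Path(tmp)))
    for name, hits in findings.items():
        print(f"[{'FLAG' if hits else 'ok  '}] {name}")
        for hit in hits:
            print("       ", hit)
    return findings


if __name__ == "__main__":
    run_demo()
```

Run it against the real unpacked bundle by calling audit_bundle(Path("path/to/skill")); every non-empty category is something to read by hand before enabling the skill, and the external_tool hits are the paths and CLIs you then need to inspect on your own machine.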


License

MIT-0
Free to use, modify, and redistribute. No attribution required.
