Mediator
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Mediator matches its stated communication-filtering purpose, but it needs review because it can monitor private messages on a schedule and uses hard-coded Gmail defaults plus undeclared helper/dependency behavior.
Review this skill carefully before installing. Only use it after removing the hard-coded Gmail accounts, explicitly configuring your own accounts and contacts, verifying the Gmail/iMessage helper tools, and deciding whether private messages may be sent to an LLM. Prefer assist/draft mode and avoid scheduled checks until you are comfortable with what it monitors and how to disable it.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may try to monitor accounts that are not the installing user's intended accounts, and it is unclear which Gmail credentials the helper will use.
Email processing uses a local Gmail helper and falls back to hard-coded Gmail account identities instead of requiring explicit user account selection.
GOG_SCRIPT = Path.home() / "clawd" / "scripts" / "gog-read.sh"
...
accounts = config.get("mediator", {}).get("gmail_accounts", [
"dylan.turner22@gmail.com",
"dylan@doxy.me"
])

Remove hard-coded personal account defaults, require the user to explicitly choose accounts, declare the Gmail credential/helper requirement, and show the selected account before reading mail.
Important context could be missed if originals are hidden, and automatic replies could be risky for legal, financial, family, or business messages.
The documented workflow includes hiding/archiving communications and exposes an automatic response mode, both of which are high-impact communication actions.
- **intercept**: Archive/hide original, only show summary. User never sees raw emotional content.
...
- **auto**: Automatically respond (use with extreme caution).
Default to assist/draft mode, require explicit confirmation before archiving/marking read or sending, and add enforced exclusions for legal, financial, child-related, and business-critical messages.
Running the skill can install code from the Python package ecosystem without a clear install-time review step.
A runtime import failure triggers an unpinned package install even though no install spec or dependency requirement is declared.
except ImportError:
print("Installing PyYAML...")
os.system(f"{sys.executable} -m pip install -q pyyaml")

Declare dependencies in the install metadata, pin package versions, avoid runtime auto-installation, and ask the user before installing anything.
Private emails or iMessages may be sent to an external LLM provider depending on the user's llm configuration.
Raw message content is passed to the local llm CLI for processing by a configured model/provider.
["llm", "-m", "gpt-4o-mini", prompt, "--no-stream"],
input=content,

Clearly disclose the LLM provider and privacy implications, offer a local/offline option, and let users opt out or redact sensitive content before processing.
Once configured, the skill can continue monitoring communications on a schedule until the user disables it.
The skill recommends recurring heartbeat or cron execution for ongoing message checks.
# Process incoming (usually called by cron/heartbeat)
~/clawd/skills/mediator/scripts/mediator.sh check
...
*/5 9-18 * * 1-5 ~/clawd/skills/mediator/scripts/mediator.sh check
Use a clear opt-in setup step, document how to disable the schedule, and provide visible status/log review for all recurring checks.
A user expecting not to see raw emotional content may still be shown the original message text during fallback behavior.
If LLM processing fails, the fallback can return raw message text, which undermines the advertised emotion-stripping behavior.
# Fallback: simple extraction without LLM
return fallback_summarize(content, mode)
...
summary = content[:500] + "..." if len(content) > 500 else content

Disclose fallback behavior, or fail closed with a warning instead of showing raw content when filtering cannot be performed.
