ClawHub

Neomutt Commander

v1.0.0

Read, search, organise, and draft emails using neomutt — a terminal IMAP client. List inbox, search, read HTML email via w3m, mark read/unread, manage folder...

0· 313·0 current·0 all-time
byElmo@elmoyeldo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (neomutt-based email reading, searching, composing, folder management) matches the SKILL.md content and required binaries (neomutt, w3m). Nothing required by the skill appears unrelated to managing IMAP mail via neomutt.
Instruction Scope
The instructions are narrowly focused on configuring and using neomutt and w3m. They do, however, instruct creating a neomutt config containing imap_user and imap_pass (plaintext in the config file) and enabling HTML rendering via w3m; both actions cause the agent/process to read local config files and to fetch remote HTML resources when rendering messages. There are no instructions to exfiltrate data to other external endpoints.
Install Mechanism
No install spec or remote downloads; the SKILL.md simply documents using system package managers (brew/apt) to install known packages (neomutt, w3m). This is low-risk and proportional to the task.
Credentials
The skill requests no environment variables or credentials in the registry metadata, which is consistent; however, the runtime instructions require storing email credentials (imap_pass) in local config files. That is necessary for neomutt but is a sensitive action (plaintext app passwords). The skill does not suggest secure storage alternatives (keyring, use of environment variables, or token-based auth).
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent/privileged presence or modifications to other skills. Autonomous invocation is allowed by default (normal for skills) and should be considered when granting access to email.
Assessment
This skill appears to do exactly what it says—help you use neomutt—but note two practical security/privacy points before installing/using it: (1) it instructs storing your IMAP password in a neomutt config file (plaintext) — prefer App Passwords, OS keyrings, or other secure storage if possible; (2) rendering HTML with w3m can contact external hosts (images/tracking) and reveal that you opened messages. Also be mindful that running neomutt from an agent requires the agent/process to access your mail config and network; only enable or allow autonomous use if you trust the agent and are comfortable with it accessing your mailbox and drafts (the skill sensibly recommends saving drafts unless you explicitly approve sending). If you want tighter safety, avoid placing passwords in plaintext, disable automatic HTML loading, and require explicit user confirmation before sending messages.

Like a lobster shell, security has layers — review code before you run it.

latestvk9735x4wb6cmxppbk947bmv4bn81xt5j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis
Binsneomutt, w3m

Comments