AntiTempmail

Pending: Static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any process that can read the shell profile may be able to use the API key, and the assistant can consume the account's API quota when asked to validate emails.

Why it was flagged

The README recommends storing the AntiTempMail API key in a shell profile. This is a normal integration credential, but it is persistent local account access to the provider.

Skill content

echo 'export ANTITEMPMAIL_API_KEY="your_api_key_here"' >> ~/.zshrc

Recommendation

Use a revocable, least-privileged API key if available, avoid committing shell profiles, and consider declaring ANTITEMPMAIL_API_KEY in the skill metadata.

What this means

Email addresses, including bulk lists, may be visible to and retained by the external API provider according to its logging and caching practices.

Why it was flagged

The skill sends queried email addresses to the AntiTempMail provider, and the documentation discloses provider-side logging.

Skill content

All requests are logged for security and analytics

Recommendation

Only submit email addresses you are permitted to share with AntiTempMail, review the provider's privacy terms, and avoid sending sensitive customer lists unless this logging is acceptable.

What this means

If users install from the GitHub repository instead of the reviewed package, they may run a different set of files than the artifacts reviewed here.

Why it was flagged

The README points users to a manual GitHub clone while the scanned registry package itself contains only README.md and SKILL.md and no install spec.

Skill content

git clone https://github.com/EricMymj/antitempmail-skill.git antitempmail

Recommendation

Prefer the reviewed registry artifact, or verify the GitHub repository contents, commit, and ownership before cloning it into the OpenClaw skills directory.