Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Messages
v1.0.0
A comprehensive AI agent skill for managing the full spectrum of incoming messages across email, chat, and other communication channels. Triages by urgency a...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims cross-channel access (email, Slack, WhatsApp, iMessage, Teams, LinkedIn, Telegram, etc.), needs to read sent messages and full conversation history, and performs actions like unsubscribe and follow-ups — but the package declares no required environment variables, API keys, or config paths. Accessing those services legitimately requires credentials and explicit OAuth flows; the absence of any declared credential or integration points is disproportionate and incoherent with the stated purpose.
Instruction Scope
The SKILL.md explicitly instructs the agent to read your existing sent messages, check every channel for conversation history, draft replies in your voice, track threads, and perform unsubscribe/mute actions. Those instructions direct the agent to read and act on highly sensitive personal and business communications across multiple services; they do not specify how credentials are obtained, what endpoints are used, or any limits on data collection or external transmission.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes immediate disk-writing risk. However, the lack of an install mechanism contributes to the incoherence because there is no documented OAuth or connector flow for obtaining the broad access the instructions require.
Credentials
No environment variables, secrets, or primary credential are declared, yet the skill clearly needs many (email account credentials or OAuth tokens, chat API tokens, phone-linked/message-backend access). The requested scope implied by the instructions (read/write across many channels, access to sent-mail archive, contact and thread metadata) is large and sensitive; it is not justified or described in the metadata.
Persistence & Privilege
always: false (normal) and autonomous invocation is allowed (platform default). These settings are reasonable for the skill type; however, if you later grant broad credentials, autonomous invocation increases the potential blast radius (noted as a user consideration).
What to consider before installing
Do not install or grant access yet. Ask the publisher for specifics before proceeding: which channels are supported, exactly what credentials or OAuth scopes the skill requires, how tokens are obtained and stored, whether any message content or metadata is sent to external servers or third parties, and whether drafts or message data are retained. Prefer skills that use platform-managed OAuth flows with least-privilege scopes (read-only inbox vs full send/delete), provide an auditable privacy/security policy, and have a verifiable source repository or homepage. If you must try it, test with a dummy account and limit granted scopes; never provide permanent elevated credentials without clear, documented justification and review.
Like a lobster shell, security has layers — review code before you run it.
Tags: communication, inbox, latest, messages, replies, triage
