Messages
WarnAudited by ClawScan on May 18, 2026.
Overview
The skill is coherent for message triage, but it describes broad, persistent access to private communications and account-changing cleanup actions without clear credential, scope, storage, or retention limits.
Only use this skill if you are comfortable granting access to sensitive messaging accounts. Before enabling it, require channel-by-channel permissions, a clear storage and deletion policy, previews before cleanup actions, and exact approval before any send, archive, mute, unsubscribe, or delete operation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private communications and relationship patterns could be collected into persistent context and reused beyond the immediate task.
This indicates broad reuse of private sent and received communications to build voice and relationship context, but the artifact does not define storage, retention, exclusions, deletion, or cross-task reuse limits.
The skill reads your existing sent messages ... and maintains a unified view of each relationship across every channel.
Require explicit channel and folder selection, clear retention/deletion controls, and confirmation of what message history will be stored or reused.
Installing or using the skill could require broad account permissions that are not clearly disclosed or scoped in the registry metadata.
This would require delegated access to multiple private messaging accounts, while the provided metadata declares no primary credential, required environment variables, config paths, or derived capability tags.
complete picture of your incoming messages across all connected channels ... Email. Slack. WhatsApp. iMessage. LinkedIn. Teams. Telegram.
Before use, verify exactly which accounts, OAuth scopes, local profiles, or connectors it will access, and limit permissions to the minimum channels needed.
Important messages could be misclassified as noise and archived, cleared, muted, or unsubscribed from without item-level review.
The skill may take batch cleanup actions on messages that are not individually shown to the user; although confirmation is mentioned, the affected items, reversibility, and exact action are not clearly bounded.
Noise ... Never individually surfaced. Cleared efficiently with your confirmation.
Require a preview list and reversible actions for all cleanup, mute, archive, unsubscribe, or deletion operations.
The agent may be expected to keep monitoring communications after the initial task, increasing privacy and control risks.
The artifact describes ongoing automatic tracking and monitoring, but does not define scheduling authority, stop conditions, user controls, or how persistent state is contained.
Sent a message that requires a reply? The skill tracks it automatically. ... an ongoing process ... over months of use.
Use only with explicit opt-in scheduling, a visible activity log, easy disable controls, and clear limits on what is tracked.