Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Email Analyzer
v1.0.0分析并清理 biqiang@126.com 邮箱中的邮件,按固化关键词分类后生成报告,待确认后执行安全删除操作。
⭐ 0· 115·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name/description (analyze and delete emails in biqiang@126.com) align with the code: IMAP client usage, searching, backup and expunge operations. However, instead of requesting credentials from the environment, the skill embeds a plaintext password and a hard-coded email/server pair for a named individual ('Wood 哥'), which is unusual and sensitive even if the declared purpose is to manage that specific mailbox.
Instruction Scope
SKILL.md and the scripts limit operations to analysis, backup, confirmation and deletion and instruct waiting for a manual confirmation. But the code supports automated deletion via CLI flags (--confirm) and the agent platform allows autonomous invocation by default. SKILL.md uses hard-coded local paths (/Users/lobster/...), locked configuration text, and asserts this is the '唯一合法方式' — these broaden scope and reduce flexibility to safely adapt credentials or destinations. There are no instructions to exfiltrate data externally, but the delete capability combined with embedded credentials is high-impact.
Install Mechanism
There is no install spec (instruction-only install) and no external downloads. All code is included in the bundle, so nothing is pulled from remote URLs at install time.
Credentials
The skill requests no environment variables but contains a plaintext IMAP password in CONFIG (password: 'WUEw8qhBwjzpUAZW') and a hard-coded email account. Embedding credentials in the package is disproportionate and dangerous: it exposes sensitive access in the skill itself and prevents the user or platform from controlling which credentials are used.
Persistence & Privilege
always:false (good) but disable-model-invocation:false (default) means an agent could call this skill autonomously. Combined with embedded credentials and scripts that can perform irreversible deletion (expunge), the blast radius is significant if the skill is invoked without explicit human oversight. SKILL.md's 'locked' claims are not enforceable by the platform and shouldn't be relied on.
What to consider before installing
This skill will connect to imap.126.com as biqiang@126.com using a plaintext password embedded in the code and can permanently expunge emails. Don't install or run this unless you are explicitly the owner of that account and you trust the source. If you are the legitimate owner and want similar functionality: (1) remove the hard-coded credential and supply credentials via a secure secret store or environment variable, (2) run first in analyze-only mode and inspect the generated report before any deletion, (3) verify backups are created and stored securely before running deletions, (4) avoid enabling autonomous agent invocation or require explicit human confirmation each run, and (5) consider rotating the mailbox password after testing. If you are not the mailbox owner, do not install — the package includes direct access credentials for a third party which is inappropriate and risky.Like a lobster shell, security has layers — review code before you run it.
latestvk970zx9r5df2k28m5vaqs3vy2183345m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.