Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using it.

Agent Mail

v1.0.0

Intelligent email processing. Sends and receives email through the AgentMail API.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The name and description match an email-sending/receiving skill, but SKILL.md explicitly references an 'API Key: 已配置' ("API key: configured") and a specific mailbox (fhbillwer@agentmail.to), while the registry metadata declares no required environment variables or credentials. A mail integration normally needs at least an API key and account configuration; leaving them out of the declared requirements is inconsistent with the skill's stated purpose.
Instruction Scope (flagged)
The runtime instructions are vague about how the AgentMail API is accessed and tell the agent to persist email data under /workspace/data/emails/. The skill may therefore send user email content to an external service and will write potentially sensitive messages to local workspace storage, yet the instructions document no endpoints, authentication mechanics, retention rules, or who can read the stored mail.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so no installer downloads anything or places an executable on disk. That reduces supply-chain risk compared to skills that fetch arbitrary downloads.
Credentials (flagged)
SKILL.md implies an API key and a configured email account, but the skill declares no required environment variables or primary credential. A mail-sending skill should explicitly declare the credentials it needs (e.g., AGENTMAIL_API_KEY, AGENTMAIL_EMAIL) rather than relying on undocumented, implicit ones.
Persistence & Privilege (flagged)
Although the skill is not marked always:true and requests no elevated platform privileges, it directs the agent to store email data under /workspace/data/emails/, creating persistent storage of sensitive information with no documented retention, access controls, or encryption. The skill does not declare that path in its metadata, so this is an undeclared persistent footprint.
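What documented access control and retention for that footprint would look like, as an added example (not code from the Agent Mail skill or from AgentMail): a store that keeps the mailbox directory and each message file owner-only, refuses message ids that could escape the directory, and deletes messages past a retention window. The 7-day window, the message ids and the message bodies are assumptions chosen for the example.

```python
"""Owner-only mail store with an explicit retention window (added example)."""
import os
import stat
import tempfile
import time
from pathlib import Path
from typing import List, Optional

DEFAULT_RETENTION_DAYS = 7  # assumed policy; the skill declares none


def store_message(root: Path, message_id: str, body: bytes) -> Path:
    """Write one message under root so that only the owning user can read it."""
    # Reject ids that could point outside root ("../x", "a/b", "", ".", "..").
    if not message_id or message_id in {".", ".."} or "/" in message_id or "\\" in message_id:
        raise ValueError("message id must be a plain file name")
    root.mkdir(parents=True, exist_ok=True)
    os.chmod(root, stat.S_IRWXU)  # 0700: no group/other access to the mailbox directory
    target = root / f"{message_id}.eml"
    # O_CREAT|O_EXCL creates the file atomically with mode 0600 and never overwrites.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(body)
    return target


def prune_expired(root: Path, retention_days: int = DEFAULT_RETENTION_DAYS,
                  now: Optional[float] = None) -> List[str]:
    """Delete stored messages older than the retention window; return their names."""
    cutoff = (now if now is not None else time.time()) - retention_days * 86400
    removed = []
    for p in sorted(root.glob("*.eml")):
        if p.stat().st_mtime < cutoff:
            p.unlink()
            removed.append(p.name)
    return removed


def file_mode(p: Path) -> int:
    """Permission bits only (file type stripped), e.g. 0o600."""
    return stat.S_IMODE(p.stat().st_mode)


def demo() -> dict:
    """Constructed scenario: one fresh message, one past retention, one bad id."""
    root = Path(tempfile.mkdtemp(prefix="emails-"))  # stands in for /workspace/data/emails/
    fresh = store_message(root, "fresh", b"Subject: hello\r\n\r\nrecent message")
    old = store_message(root, "old", b"Subject: stale\r\n\r\nexpired message")
    ten_days_ago = time.time() - 10 * 86400
    os.utime(old, (ten_days_ago, ten_days_ago))  # age the second message past 7 days
    try:
        store_message(root, "../escape", b"")
        rejected = False
    except ValueError:
        rejected = True
    removed = prune_expired(root)
    return {
        "dir_mode": file_mode(root),
        "file_mode": file_mode(fresh),
        "removed": removed,
        "remaining": sorted(p.name for p in root.glob("*.eml")),
        "rejected_traversal": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The two properties a reviewer would ask the publisher for are both visible here: who can read the directory (mode bits, checked with `file_mode`) and when mail disappears (`prune_expired`, which a scheduled task would call). Encryption at rest is a separate decision that depends on where the workspace lives.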
What to consider before installing

This skill's purpose (sending and receiving email) reasonably requires an API key and explicit account configuration, but the package declares no credentials and hardcodes or references a mailbox address. Before installing:

1) Ask the publisher how authentication works and where the API key is stored; prefer explicit environment variable names (e.g., AGENTMAIL_API_KEY, AGENTMAIL_EMAIL).
2) Ask for the AgentMail API endpoint, privacy policy, and data retention rules.
3) Confirm who can access /workspace/data/emails/ and whether stored mail is encrypted or automatically deleted.
4) If you handle sensitive email, test in a sandbox and avoid granting platform-wide credentials.
5) If the publisher cannot explain the missing credentials or justify the hardcoded mailbox, do not install.


latest: vk971fygqqypb67pfgpffq91fmx82mbac

