Skill v1.6.1

ClawScan security

MailMe X News · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 2, 2026, 3:32 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini

Summary
The skill's stated goal (fetch X posts, translate, email) is plausible, but the runtime instructions reference credentials, other skills' files/paths, and an environment variable ($CLAWD) without declaring or justifying required secrets — this mismatch is concerning and deserves review before installing.
Guidance
Before installing or invoking this skill, verify how the required credentials and other skills are handled:
1) Inspect the 'send-email' skill to confirm where SMTP username/password are stored and whether they are kept in a secure secret store (not in plain scripts).
2) Inspect the 'crawl-from-x' skill to ensure it does not exfiltrate scraped content to unknown endpoints and that Browser Relay operation is local and authorized.
3) Confirm what $CLAWD points to in your environment and whether cross-skill file reads are acceptable.
4) Test in an isolated environment (or with non-sensitive accounts) first.
5) If you plan to schedule it, ensure the automated run uses least privilege and that the recipient addresses in config.json are the intended defaults.
6) If you need higher assurance, ask the publisher for a clear list of required credentials and a description of where secrets live and how image/content data is handled before granting the skill access.
If you cannot audit the dependent skills, treat this skill as potentially risky.

Review Dimensions

Purpose & Capability: concern
The skill claims only to fetch X posts, translate, and email them, which is coherent at a high level, but it relies on three other skills (crawl-from-x, send-email, translate) and platform state (Browser Relay, logged-in browser). The SKILL.md does not declare any required credentials or environment variables even though sending email (SMTP credentials) and driving a logged-in X account clearly require secrets and config held somewhere. That gap is disproportionate and unexplained.

Instruction Scope: concern
Runtime instructions tell the agent to read and operate on files in other skills' directories (e.g., $CLAWD/skills/crawl-from-x/results/, $CLAWD/skills/send-email/scripts) and to run commands such as 'python3 send_email.py username' and 'openclaw browser status'. The document references the $CLAWD environment variable and instructs the agent to change directories into results/ before sending mail. These steps mean the agent will read other skills' files and may access credentials or sensitive files, but those accesses are not documented in requires.env.

Install Mechanism: ok
This is an instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. That minimizes installation risk.

Credentials: concern
No environment variables, credentials, or config paths are declared, yet the workflow depends on SMTP keys, a logged-in X browser session, and a platform path ($CLAWD). The skill implicitly assumes other installed skills hold sensitive credentials, but doesn't state which secrets are required or how they're protected. That lack of declared proportionality is a red flag.

Persistence & Privilege: ok
'always' is false and there is no install-time persistence requested. The skill can be invoked by the agent (normal default), but it does not claim elevated or always-on privileges.