Skill v1.0.1

ClawScan security

智能邮件分类助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 11:55 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (simple rule-based email classification and reply templates), with no network calls or credential requests — minor issues are documentation mismatches and a privacy consideration around passing email text on the command line.
Guidance
This skill appears to do what it says: local keyword-based classification and reply template generation, with no network activity or credential use. Before installing: (1) Note the SKILL.md suggests passing full email text on the command line — that can leak to other local users via process listings; avoid passing highly sensitive content as argv (use stdin or temporary files instead). (2) The README lists the 'requests' package but the script doesn't use it — review the code when updating versions to ensure no hidden network calls are added. (3) If you need stronger or privacy-preserving classification, consider running only on trusted hosts or adapting the script to read from files/stdin and to securely erase temporary files.

Review Dimensions

Purpose & Capability
ok: The name/description (email classification and reply templates) align with the provided Python script: keyword-based classification and template reply generation. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
note: SKILL.md instructs running the included script with the email text as a command-line argument (python3 scripts/smart_email.py --classify "邮件内容"). That stays within the skill's purpose, but passing sensitive email contents on the command line can expose them to other local users via process listings or system logs; consider using stdin or a temporary file instead.
Install Mechanism
note: No install spec (instruction-only plus an included script); low risk. SKILL.md lists 'requests' as a dependency though the shipped script does not import or use requests, indicating a documentation mismatch or leftover requirement.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The script performs only local text processing and prints results; there are no network calls or secret accesses in the code.
Persistence & Privilege
ok: always is false and the skill does not request persistent system presence or modify other skills/configs. It does not store tokens or alter agent/system settings.