Inbox Triage Bot
Audited by ClawScan on May 10, 2026.
Overview
This is a purpose-aligned email triage skill, but it handles sensitive inbox/calendar access and optional external AI processing, so users should review setup choices before running it.
Before installing, inspect the upstream code and npm scripts, use least-privilege Gmail/Google credentials, avoid enabling OpenAI classification unless you accept that data flow, and protect or regularly delete generated inbox digest files.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Granting these credentials can expose inbox and calendar data to the tool or its backend configuration.
The skill discloses that email access requires a Gmail App Password or OAuth credentials, which is expected for inbox triage, but the registry metadata does not declare these credentials.
Metadata: "Primary credential: none" / SKILL.md: "Requires himalaya CLI configured with a Gmail App Password" and "Requires OAuth credentials"
Use the least-privileged account or OAuth scopes available, review the himalaya account configuration, and avoid using broad credentials unless you trust the code being run.
If enabled, sensitive email information could be processed by an external provider.
Optional AI classification may involve sending email-derived content or metadata to an external AI provider, but the artifact does not detail exactly what is sent.
"Fetches recent emails" and "OPENAI_API_KEY | — | Optional AI classification"
Enable OpenAI-based classification only if you are comfortable with the provider receiving the relevant email data; otherwise use heuristic/local behavior if available.
Running the npm commands may execute code that was not included in this review.
The artifact set contains no package files or reviewed scripts, while the instructions direct users to run npm installation and npm scripts.
File manifest: "1 file(s): SKILL.md" / SKILL.md: "npm install" and "npm run demo"
Inspect the GitHub repository, package.json scripts, dependencies, and lockfile before running npm install or npm run commands.
The digest file may contain sensitive email or calendar details and remain on disk after the run.
The skill stores generated summaries of inbox/calendar information in a persistent local markdown file.
"Generates markdown daily digest reports" and ">> ~/inbox-triage.md"
Store the digest in a protected location, avoid sharing it unintentionally, and delete old reports when no longer needed.
If installed, the job would continue reading inbox data and writing reports daily until removed.
The artifact documents an optional cron job that would keep running the triage command on a schedule after setup.
"# Daily at 7 AM\n0 7 * * * cd /path/to/inbox-triage-bot && EMAIL_BACKEND=himalaya npm run demo >> ~/inbox-triage.md 2>&1"
Add the cron job only if you want recurring triage, and document how to disable or remove it.
