Himalaya 1.0.0

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:16 AM.

Analysis

This is a straightforward Himalaya email CLI skill, but it can access, send, move, and delete emails when configured with your email credentials.

Guidance: Install only if you want the agent to use the Himalaya CLI with your configured email account. Keep credentials in pass or a system keyring rather than plaintext, verify the Homebrew package, and require confirmation before any send, delete, forward, reply-all, or bulk mailbox operation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Send directly using template:
```bash
cat << 'EOF' | himalaya template send
```
...
Delete an Email
```bash
himalaya message delete 42
```

The documented commands include sending and deleting emails. These are central to an email-management CLI and are shown as examples, but they are high-impact actions.

User impact: If used carelessly, the agent could send an unintended email or delete/move a message from the configured mailbox.
Recommendation: Require explicit user confirmation before sending, deleting, reply-all, forwarding, or moving messages, especially on work or sensitive accounts.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: Medium | Status: Note
metadata
Source: unknown
Homepage: https://github.com/pimalaya/himalaya
Install specifications: brew | formula: himalaya

The install path is a standard Homebrew formula, but the registry source is not declared, so provenance is less explicit than it could be.

User impact: Users are relying on the Homebrew formula and local installed binary rather than reviewed bundled code in the skill artifact.
Recommendation: Install Himalaya from a trusted package source and verify the Homebrew formula points to the expected upstream project.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
A configuration file at `~/.config/himalaya/config.toml`
3. IMAP/SMTP credentials configured (password stored securely)

The skill requires access to an email account through local configuration and credentials, which is expected for an email client but grants sensitive account access.

User impact: Anyone using this skill with configured credentials could read and act on the associated email account through the Himalaya CLI.
Recommendation: Use app-specific passwords or secure secret storage where possible, avoid raw plaintext passwords, and only configure accounts you intend the agent to access.