Security checks across malware telemetry and agentic risk
This email skill appears purpose-aligned, but it asks users to run an unpinned remote setup script and stores mailbox credentials locally, so it needs careful review before use.
Install only if you trust ClawMail and are comfortable giving this skill access to mailbox content and outbound email. Avoid piping remote setup scripts directly into execution; review the script first or ask the publisher for checksums or a packaged installer. Protect ~/.clawmail/config.json, use a dedicated inbox, and confirm recipients and message content before sending.
if text: body['text'] = text
if html: body['html'] = html
r = requests.post(f'{self.base_url}/inboxes/{self.inbox_id}/messages',
headers=self.headers, json=body)
return r.json()If not already configured, run: ```bash curl -O https://clawmail.cc/scripts/setup.py python3 setup.py my-agent@clawmail.cc ```
```bash curl -H "X-System-ID: $SYSTEM_ID" \ "https://api.clawmail.cc/v1/inboxes/$INBOX_ID/poll" ``` ## Send an Email
curl -X POST -H "X-System-ID: $SYSTEM_ID" \
-H "Content-Type: application/json" \
-d '{"to": [{"email": "user@example.com"}], "subject": "Hello", "text": "Hi there!"}' \
"https://api.clawmail.cc/v1/inboxes/$INBOX_ID/messages"
```
## List Threadsself.system_id = config['system_id']
self.inbox_id = config['inbox_id']
self.address = config['address']
self.base_url = 'https://api.clawmail.cc/v1'
self.headers = {'X-System-ID': self.system_id}
def poll(self):## Setup Before using, run the ClawMail setup script to create your inbox: ```bash curl -O https://clawmail.cc/scripts/setup.py
65/65 vendors flagged this skill as clean.