ClawHub

Simple SMTP Mailer

v1.0.0

Send emails via SMTP using the msmtp command-line tool configured in ~/.msmtp/config for authentication and server settings.

1· 343·0 current·0 all-time
byGaoXiang Yu@hitygx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim (send mail via msmtp) matches the manifests and SKILL.md. _meta.json declares msmtp as a required binary and the docs instruct installing msmtp via package managers — consistent and proportionate.
Instruction Scope
SKILL.md and CLAUDE.md instruct the agent to run msmtp commands and to use ~/.msmtp/config for credentials, which is expected. Note: CLAUDE.md contains hardcoded example path (/Users/yugaoxiang/.msmtp/config) that is inconsistent with the documented ~/.msmtp/config and appears to be a leftover from a developer environment — harmless but confusing. Troubleshooting advice includes 'tls_certcheck off', which reduces TLS security and should be avoided in production.
Install Mechanism
No custom install script; install hints use standard package managers (brew/apt/dnf) declared in _meta.json. These are low-risk, well-known install mechanisms.
Credentials
The skill requests no environment variables but depends on the user's ~/.msmtp/config, which stores SMTP username/password. That is appropriate for a mail sender, but it means the agent will have access to credentials stored there and can send arbitrary outbound mail. Users should ensure those credentials are scoped (use app-specific passwords) and understand the exfiltration risk inherent to sending email.
Persistence & Privilege
always is false and the skill is user-invocable. Model invocation is allowed (the platform default) but the skill is not forced into every session. There is no indication the skill attempts to modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: run the msmtp CLI using your ~/.msmtp/config. Before installing, consider: 1) the agent will use whatever SMTP credentials are in that file — prefer app-specific passwords and minimal-permission accounts; 2) review and secure ~/.msmtp/config (chmod 600) and avoid placing highly privileged credentials there; 3) be aware the agent can send arbitrary outbound emails (a potential data-exfiltration channel); 4) the CLAUDE.md includes a hardcoded home path (/Users/yugaoxiang/.msmtp/config) — the real config is ~/.msmtp/config on your system; 5) avoid following the advice to disable TLS certificate checks in production. If you only need to send occasional messages, consider manually running msmtp or creating a narrowly scoped SMTP account for the skill rather than exposing your primary email credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk974wm42xwvn8tkbdxw1vt55m582j0gy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments