Skill v1.0.0

ClawScan security

邮件草稿生成器 (Email Draft Generator) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 4:03 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's capabilities match its description, but its runtime instructions say it will persist drafts and templates to local JSON files without declaring where those files live or how they are managed. That gap between declared configuration and actual storage behavior is a privacy and persistence mismatch worth reviewing before install.
Guidance
This skill appears to do what it says (generate and manage email drafts), but its instructions say it will store drafts in drafts.json and templates in templates.json without saying where those files are written or how they are protected. Before installing, ask: what path will these files be written to? Will they be encrypted, and can other processes or users on the machine read them? How can you view or delete stored drafts and templates? If you plan to generate sensitive emails, avoid using the skill until you have confirmed the storage location and retention policy, or run the skill in an isolated workspace where you control file access and can delete the JSON files afterward.
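The checks in the guidance above can be scripted. The following is an added example written for this page, not code from the ClawHub scanner or from the skill itself: it runs the skill in a throwaway workspace, locates the two files the SKILL.md names, reports whether other local users can read them and how many items they hold, and scrubs them afterward. Only the file names drafts.json and templates.json come from the review; the function names, the sample drafts.json content and the assumption of a POSIX filesystem are mine.

```python
"""Audit and scrub the local JSON files an instruction-only skill says it writes."""
import json
import os
import stat
import tempfile
from pathlib import Path

# File names taken from the SKILL.md as quoted in the review on this page.
SKILL_DATA_FILES = ("drafts.json", "templates.json")


def find_skill_files(workspace):
    """Return every drafts.json / templates.json beneath workspace, sorted by path."""
    root = Path(workspace)
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.name in SKILL_DATA_FILES)


def audit_file(path):
    """Describe who can read the file and how many stored items it holds."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by other local users")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by other local users")
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8"))
        entries = len(data) if isinstance(data, (list, dict)) else 1
    except (ValueError, OSError):
        entries = 0
        findings.append("not valid JSON")
    return {"path": str(path), "mode": oct(mode),
            "entries": entries, "findings": findings}


def audit_workspace(workspace):
    """Audit every skill data file under the workspace."""
    return [audit_file(p) for p in find_skill_files(workspace)]


def purge_skill_files(workspace):
    """Zero-fill then unlink each data file; returns the number removed.

    The overwrite is best effort: journaling filesystems and SSD wear
    levelling can keep old blocks, so the unlink is the real boundary and
    the isolated workspace (a fresh temp dir) is the real control.
    """
    removed = 0
    for p in find_skill_files(workspace):
        size = p.stat().st_size
        with open(p, "r+b") as fh:
            fh.write(b"\0" * size)
            fh.flush()
            os.fsync(fh.fileno())
        p.unlink()
        removed += 1
    return removed


def demo():
    """Simulate one skill run in a throwaway workspace, audit it, then clean up."""
    workspace = tempfile.mkdtemp(prefix="email-skill-")
    # Constructed sample of what the skill might persist; not real data.
    drafts = [{"to": "alice@example.com", "subject": "Q3 numbers",
               "body": "Draft text the user may consider sensitive."}]
    draft_path = Path(workspace, "drafts.json")
    draft_path.write_text(json.dumps(drafts), encoding="utf-8")
    os.chmod(draft_path, 0o644)   # the kind of permissive default you want to catch
    report = audit_workspace(workspace)
    removed = purge_skill_files(workspace)
    return report, removed


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```

Run audit_workspace against the workspace you point the skill at after a test session; a file with group or other read bits set means any local account can read the drafts, which is exactly the condition the guidance asks you to rule out before generating sensitive mail.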

Review Dimensions

Purpose & Capability
ok: Name/description (email draft generation and template management) align with the SKILL.md features (draft generation, template management, tone adjustment, multi-language). Nothing in the instructions asks for unrelated credentials or binaries.
Instruction Scope
concern: The SKILL.md explicitly references two data files (drafts.json and templates.json) for storage. It does not specify file locations, retention, access controls, or whether data is encrypted. Persisting user-generated email content can expose sensitive data; the skill does not document how or where this data is stored or how users can inspect or erase it.
Install Mechanism
ok: No install spec and no code files (instruction-only). This minimizes risk from arbitrary downloads or install-time code execution.
Credentials
note: The skill requests no environment variables or external credentials, which is proportionate. However, it implicitly requires filesystem read/write permission for drafts.json and templates.json; this implicit requirement isn't declared in the metadata.
Persistence & Privilege
note: The always flag is false and the skill does not request elevated privileges, but it will persist user content to local files. The mismatch between the declared config paths (none) and the storage files named in the instructions is a potential privacy and retention concern.