ClawHub

Email Security

v1.0.0

Protect AI agents from email-based attacks including prompt injection, sender spoofing, malicious attachments, and social engineering. Use when processing emails, reading email content, executing email-based commands, or any interaction with email data. Provides sender verification, content sanitization, and threat detection for Gmail, AgentMail, Proton Mail, and any IMAP/SMTP email system.

2· 1k·0 current·0 all-time
by@ivaavimusic
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (email security: sender verification, sanitization, attachment policy) match the included scripts and reference docs. The files present (parse_email.py, sanitize_content.py, verify_sender.py, provider references, policy templates) are appropriate and proportional to the stated purpose. No unexpected cloud credentials or unrelated binaries are requested.
Instruction Scope
SKILL.md workflow confines actions to parsing EML content, verifying headers, sanitizing text, and applying attachment rules. The instructions do ask the agent to prompt for an owner email and update references/owner-config.md (i.e., write its own config), which is expected for a config-driven security tool. No steps instruct the agent to read unrelated system files or send data to external endpoints.
Install Mechanism
No install spec is provided (instruction-only installation), which minimizes supply-chain risk. Scripts are included in the bundle; they run locally and do not download remote artifacts or create installers. This is a low-risk delivery model.
Credentials
The skill declares no required environment variables or credentials. Provider docs reference normal credential handling (OAuth, API keys) as guidance only; the skill itself does not request them. That is proportionate to its described functionality.
Persistence & Privilege
The skill does not set always:true and uses normal autonomous invocation defaults. It does instruct the agent to persist the owner email into references/owner-config.md and agent memory (its own configuration file), which is reasonable for a security policy tool. It does not attempt to modify other skills or system-wide agent settings.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] expected: SKILL.md and threat-patterns.md intentionally contain sample injection payloads (e.g., 'ignore previous instructions') because the skill detects such patterns. The pre-scan flag is a likely false positive in this context but is surfaced correctly by the scanner.
Assessment
This skill appears coherent and appropriate for protecting agents that handle email. Before installing, consider: (1) the scripts will read and write local files (e.g., references/owner-config.md) and can save attachments to disk — run them in an environment with only the minimum file-system permissions you allow; (2) the skill will prompt you to supply an owner email and persist it into the repo/config — verify this is acceptable and back up any existing owner-config.md you care about; (3) review blocked/allowed extensions in assets/security-config-template.json and parse_email.py (they block .py, .jar, etc.) to ensure policies match your needs; (4) although provider docs mention OAuth/API keys, the skill does not require credentials by default — if you adapt it to integrate with Gmail/IMAP/AgentMail, follow best practices for storing credentials (encrypted, scoped, rotated); and (5) if you plan to enable autonomous invocation, be aware the skill can be triggered by agent workflows — test with non-production mailboxes first. Overall, the bundle looks consistent with its stated purpose; review and test in a safe environment before production use.

Like a lobster shell, security has layers — review code before you run it.

agent-safetyvk974pyp7babnhb5b0gyb571zpd80sw50attachmentsvk974pyp7babnhb5b0gyb571zpd80sw50dkimvk974pyp7babnhb5b0gyb571zpd80sw50dmarcvk974pyp7babnhb5b0gyb571zpd80sw50emailvk974pyp7babnhb5b0gyb571zpd80sw50emlvk974pyp7babnhb5b0gyb571zpd80sw50gmailvk974pyp7babnhb5b0gyb571zpd80sw50imapvk974pyp7babnhb5b0gyb571zpd80sw50latestvk974pyp7babnhb5b0gyb571zpd80sw50phishingvk974pyp7babnhb5b0gyb571zpd80sw50prompt-injectionvk974pyp7babnhb5b0gyb571zpd80sw50sanitizationvk974pyp7babnhb5b0gyb571zpd80sw50securityvk974pyp7babnhb5b0gyb571zpd80sw50spfvk974pyp7babnhb5b0gyb571zpd80sw50spoofingvk974pyp7babnhb5b0gyb571zpd80sw50threat-detectionvk974pyp7babnhb5b0gyb571zpd80sw50

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments