ClawHub

Fastmail API

v1.0.0

Manage Fastmail mail, mailbox, identity, contact, and calendar workflows through JMAP API calls with safe batching and token hygiene.

0· 285·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Fastmail JMAP workflows) match the declared requirements: curl, jq, and FASTMAIL_API_TOKEN. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md limits network calls to Fastmail's JMAP endpoints, instructs session discovery, safe batching, confirmation for destructive ops, and local storage for account context. The instructions avoid reading unrelated system secrets and explicitly advise redacting tokens in logs.
Install Mechanism
Instruction-only skill with no install spec or external downloads; nothing is written to disk by an installer. Risk from install mechanism is minimal.
Credentials
Only FASTMAIL_API_TOKEN is required, which is appropriate. Minor note: registry metadata lists no 'primary credential' even though FASTMAIL_API_TOKEN is required — not a security problem but inconsistent metadata.
Persistence & Privilege
The skill writes local state under ~/fastmail-api/ (memory, request log, snapshots), which is expected for workflow persistence but means account IDs, operation history, and snapshots will be stored locally. always:false and no elevated privileges are requested.
Assessment
This skill appears to do what it says: it will perform JMAP calls to Fastmail and store local workflow state in ~/fastmail-api/. Before installing, ensure you trust the skill source (source is listed as unknown), be prepared to provide a Fastmail API token with the minimum necessary scope, and review or limit where local logs/snapshots are written (they can contain metadata like account IDs and request payloads). Confirm the agent's confirmation settings during setup so destructive actions require explicit approval, and avoid putting the raw bearer token into files or shared logs.

Like a lobster shell, security has layers — review code before you run it.

latestvk976v13gecm5sc6tdrt8yv6z3d829ne6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📬 Clawdis
OSLinux · macOS · Windows
Binscurl, jq
EnvFASTMAIL_API_TOKEN

Comments