Email Resend
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This email skill mostly matches its purpose, but it needs review because its cron examples include a concrete Telegram destination and its attachment downloader can write unsafe filenames.
Before installing, confirm you are comfortable granting Resend email access. Do not copy the hardcoded Telegram --to value; configure your own notification target and verify the cron list after setup. Be cautious downloading attachments until filenames are sanitized, and periodically clear or protect the memory files that store email state.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1

Impact: If copied as-is, private email senders, subjects, previews, and attachment information could be delivered to an unintended Telegram chat or topic.

Evidence: The documented inbound-email cron setup uses a concrete Telegram target rather than a placeholder or user-derived value, while the same documentation says inbound notifications can include email previews.

```
--message "Follow instructions in skills/email-resend/cron-prompts/email-inbound.md exactly. If new emails found, include them in your reply." ... --channel telegram ... --to "-1003748898773:topic:334" ... "Body preview (~2000 chars)"
```

Recommendation: Do not use the hardcoded --to value. Replace it with the user's own target, prefer the dynamic configure-cron flow, and check existing crons for this target before enabling notifications.
Finding 2

Impact: A malicious attachment filename could cause downloaded content to be written outside the requested folder or overwrite local files accessible to the user.

Evidence: Attachment filenames come from inbound email/provider data and are joined directly into a local output path without rejecting absolute paths, ../ traversal, or overwrites.

```
output_path = output_dir / att["filename"]
download_attachment_url(att["download_url"], output_path)
...
with open(output_path, "wb") as f:
    f.write(response.content)
```

Recommendation: Sanitize attachment names with a basename-only allowlist, reject absolute or traversal paths, create unique filenames, and prompt before overwriting.
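The hardened form of that attachment write, as an added example that is not the skill's own code (the names `sanitize_attachment_name`, `is_safe_name` and `save_attachment` are assumptions): absolute and traversal names are rejected outright, the remaining characters are allowlisted, and a unique name is chosen instead of overwriting an existing file.

```python
import re
from pathlib import Path, PurePosixPath, PureWindowsPath

# Characters allowed in a stored attachment basename; everything else becomes '_'.
_DISALLOWED = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_attachment_name(raw: str) -> str:
    """Return a safe basename; reject (never 'clean') absolute or traversal names."""
    if not raw:
        raise ValueError("empty attachment filename")
    # Check both POSIX and Windows conventions: provider data may follow either.
    if PurePosixPath(raw).is_absolute() or PureWindowsPath(raw).is_absolute():
        raise ValueError(f"absolute path rejected: {raw!r}")
    if raw in (".", "..") or re.search(r"[\\/]", raw):
        raise ValueError(f"path separator or traversal rejected: {raw!r}")
    # Allowlist the remaining characters and drop leading dots (no hidden files).
    name = _DISALLOWED.sub("_", raw).lstrip(".")
    if not name:
        raise ValueError(f"nothing left after sanitizing: {raw!r}")
    return name[:255]


def is_safe_name(raw: str) -> bool:
    """True if sanitize_attachment_name() accepts the name."""
    try:
        sanitize_attachment_name(raw)
        return True
    except ValueError:
        return False


def save_attachment(output_dir: Path, raw_name: str, data: bytes) -> Path:
    """Write attachment bytes under output_dir without overwriting or escaping it."""
    output_dir = Path(output_dir).resolve()
    safe = sanitize_attachment_name(raw_name)
    candidate, n = output_dir / safe, 1
    # Unique name instead of overwrite: report.pdf, report-1.pdf, report-2.pdf, ...
    while candidate.exists():
        candidate = output_dir / f"{Path(safe).stem}-{n}{Path(safe).suffix}"
        n += 1
    # Defence in depth: the resolved target must still sit inside output_dir.
    if output_dir not in candidate.resolve().parents:
        raise ValueError("resolved path escaped the output directory")
    candidate.write_bytes(data)
    return candidate
```

Prompting the user before an overwrite, as the recommendation suggests, is left to the caller; this version simply never overwrites.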
Finding 3

Impact: Anyone or anything with that key may be able to send email and access inbound email data according to the key's Resend permissions.

Evidence: The skill requires a Resend API key, which is expected for sending and reading Resend emails but grants meaningful account authority.

```
**Required env vars:** RESEND_API_KEY (API key).
```

Recommendation: Use the least-privileged Resend key available, store it securely, avoid logging it, and rotate it if exposed.
Finding 4

Impact: Local workspace memory may contain sensitive email metadata, reply text, and notification lineage across sessions.

Evidence: The design persists email metadata and interaction content in OpenClaw memory files for tracking and reply workflows.

```
"email_metadata": { "subject": "Original Subject", "from": "sender@example.com" } ... "content": "Yes, Thu 4pm?" ... `memory/email-custody-chain.json` — All chains indexed by email_id
```

Recommendation: Keep the workspace private, review retention needs, and clear these memory files when the history is no longer needed.
Finding 5

Impact: Email checking and notification delivery can continue after setup until the cron is removed.

Evidence: The configuration script creates a recurring background cron job that runs an isolated agent session every 15 minutes.

```
"openclaw", "cron", "add", "--name", "email-resend-inbound", "--cron", "*/15 * * * *", "--message", "Follow instructions in skills/email-resend/cron-prompts/email-inbound.md exactly. If new emails found, include them in your reply.", "--session", "isolated", "--announce"
```

Recommendation: Review the schedule and destination before enabling it, and use `openclaw cron list` / `openclaw cron delete` to remove it when no longer wanted.
