Skill v1.0.14
ClawScan security
Email Resend · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 8:46 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, runtime instructions, and requested environment variables are coherent with its stated purpose (sending/receiving email via the Resend API); nothing indicates hidden endpoints, unrelated credentials, or suspicious install activity.
- Guidance: This skill appears to do what it says: it needs your Resend API key so it can read inbound emails and send messages via api.resend.com. Before installing: (1) be prepared to provide RESEND_API_KEY — anyone with that key can send and read mail for that account, so prefer a scoped/rotated key if possible; (2) the skill will create and modify files under ~/.openclaw/workspace/memory/ (preferences, custody chain, state files) and may add an openclaw cron job — verify the cron target (chat_id/topic) before enabling; (3) attachments downloaded by the skill are written to disk — treat them like any downloaded files; (4) there are some minor implementation issues (truncated code in draft-reply.py) — consider testing in an isolated environment before trusting it for production; (5) if you do not want the skill to post notifications to a global/static target, avoid running the hardcoded cron example and instead use the dynamic preferences flow. If you want more assurance, review/run the included tests and inspect the created memory files after a dry-run.
Review Dimensions
- Purpose & Capability (ok): Name/description (send/receive via Resend) align with required env var (RESEND_API_KEY), required binaries (python3, openclaw), and included scripts (inbound/outbound/draft-reply/download_attachment). The declared Python deps (requests, pyyaml) match the code.
- Instruction Scope (note): SKILL.md and cron prompts direct the agent to read/write a dedicated preferences file (memory/email-preferences.md) and to use memory_get/memory_write patterns; scripts read/write workspace memory files (~/.openclaw/workspace/memory/*) and call the openclaw CLI to manage cron jobs. These actions are appropriate for an email notification/cron skill, but note small inconsistencies: SKILL.md warns not to scan other memory files, while comments in inbound.py mention the agent will use memory_search + message tool for delivery (this is contextual, not obviously malicious). Also some source appears truncated/buggy in places (draft-reply.py partially truncated) — that is an implementation quality issue, not a scope creep concern.
- Install Mechanism (ok): Instruction-only skill with included Python scripts; no external downloads, no package installs from untrusted URLs, and no extract/install steps. Low install risk.
- Credentials (ok): Only required environment variable is RESEND_API_KEY (appropriate for Resend API access). Optional env vars DEFAULT_FROM_EMAIL/NAME and OpenClaw runtime vars (CLAW_CHAT_ID, CLAW_THREAD_ID, etc.) are reasonable and used for preferences and cron configuration. No unrelated cloud credentials or broad secrets are requested.
- Persistence & Privilege (ok): Skill is not always-enabled and uses standard files under the user workspace (~/.openclaw/workspace/memory/...). It creates/updates its own memory and state files (custody chain, pending/acknowledged state) but does not modify other skills or system-wide settings beyond adding a cron via the openclaw CLI (expected for a cron-based notifier). Autonomous model invocation is default but not combined with other red flags.
