Back to skill
Skillv1.0.4
VirusTotal security
Send transactional email via DmartechX/Iemail OpenAPI. Configure in OpenClaw skills env or use secret.md. · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:04 AM
- Hash
- 45593509967ac8380b652bddc72a2d696fdca5384aa33d56ba030de48a9d4901
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: iemail-send Version: 1.0.4 The skill 'iemail-send' contains security vulnerabilities, specifically the use of `os.system` in `send_email.py` to execute shell commands for runtime dependency installation (pip), which is a high-risk practice. Additionally, the script employs the cryptographically weak `AES.MODE_ECB` mode for generating authentication signatures sent to `https://iemail-api.dmartech.cn`. While the code's logic is consistent with its stated purpose of sending transactional emails, these implementation flaws represent significant security risks.
- External report
- View on VirusTotal