Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Email Reader

v1.0.0

Email reading and management skill: lets the AI read, summarize, and send email. Triggered when the user asks to view mail, summarize unread messages, or send email notifications.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Skill description and runtime instructions align: it reads and sends email via IMAP/SMTP and recommends the himalaya CLI. However, the registry metadata declares no required binaries or primary credential even though SKILL.md expects the himalaya CLI and user mail credentials—this mismatch should be clarified.
Instruction Scope
The instructions directly tell users how to configure accounts with username/password on the command line (examples show plaintext passwords in CLI args) and recommend periodic reminders. Showing CLI invocations that embed passwords is insecure and could lead to credential leakage (shell history, process listing, logs). The skill does not explicitly limit what the agent should read beyond the mail client, and the '定时提醒' (scheduled reminders) implies background/periodic actions without specifying how scheduling or authorization is handled.
Install Mechanism
There is no install spec in the registry (lowest-risk), but SKILL.md recommends installing himalaya via brew/cargo/winget—these are standard package sources. This is acceptable, but the registry should declare the binary dependency so users know the runtime requirement ahead of time.
Credentials
No required environment variables or primary credential are declared despite the skill needing email account credentials (app passwords, OAuth tokens, or auth codes). The README suggests using environment variables and OAuth (good), but the concrete examples show passing passwords directly in CLI flags which is disproportionate and unsafe. The skill requests access to sensitive secrets in practice but doesn't document or enforce a secure mechanism for them.
Persistence & Privilege
always:false (default) and autonomous invocation allowed (normal). The SKILL.md mentions scheduled reminders, which implies persistent or recurring actions, but the skill provides no mechanism for persisting schedules or elevating privileges. This is a behavioral note to clarify how and when the agent will run these reminders.
What to consider before installing
This skill appears to do what it claims (manage email via the himalaya CLI), but it has a few problems you should address before use:

- Clarify dependencies: the registry should list 'himalaya' as a required binary so you know it must be installed.
- Do NOT copy the example that puts passwords on the command line; this exposes credentials to shell history and process lists. Prefer OAuth or storing credentials in a secure environment variable or credential store.
- If you enable scheduled reminders, confirm how the agent will store the schedule and whether it runs autonomously; be cautious granting ongoing autonomous access to your email.
- When installing himalaya, use the official package source for your OS (brew, winget, crates.io) and verify the project repo.
- Consider requiring explicit environment variables (or an OAuth flow) for credentials and avoid sharing raw auth tokens with the skill.

If you need me to, I can suggest a safer configuration and a checklist to harden usage of this skill. Confidence is medium because the skill is instruction-only and coherent overall, but the missing metadata and insecure examples are concerning rather than definitive proof of malicious intent.
