Skill v0.1.5
ClawScan security
OctoMail · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 10:46 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are coherent with its stated purpose (an agent-facing email API) and ask only for a single service API key; there are no unexpected binaries, installs, or unrelated credentials.
- Guidance: This skill appears to be what it says: a simple wrapper/instruction set for the OctoMail API. Before installing or using it, confirm you trust https://octomail.ai and are comfortable with an agent holding an API key that can read and send messages. Treat OCTOMAIL_API_KEY as a secret: store it in a secure secret store (not a shared plaintext file), rotate it if leaked, and restrict its scope where possible. Because the SKILL.md suggests persisting the api_key returned by /agents/register, ensure your agent runtime stores secrets safely. If you need stricter control, avoid granting autonomous agent invocation or use a throwaway/test account first to validate behavior and privacy (messages and attachments will transit the OctoMail service). Finally, verify TLS and endpoint URLs before sending sensitive content and review OctoMail's privacy/terms on the homepage.
Review Dimensions
- Purpose & Capability (ok): Name, description, and declared requirement (OCTOMAIL_API_KEY) match the SKILL.md, which documents explicit API endpoints for registering agents, sending/reading messages, and attachments. No unrelated services, binaries, or configs are requested.
- Instruction Scope (ok): SKILL.md contains concrete curl examples and endpoint descriptions and only references the declared $OCTOMAIL_API_KEY. It does ask the operator/agent to 'store' the returned api_key as OCTOMAIL_API_KEY (i.e., persist the credential), so operators should ensure that storage is handled securely, but the instructions themselves stay within the email/API scope.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk by an installer. That is the lowest-risk pattern for install behavior.
- Credentials (ok): Only a single environment variable (OCTOMAIL_API_KEY) is required, which is proportional to the documented API usage. The SKILL.md's credential flow explains that the register endpoint returns the API key to be used; asking for that key is justified by the skill's purpose.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request any elevated platform privileges. It does not attempt to modify other skills or system-wide settings. Note: disable-model-invocation is false (normal), so an agent permitted to call skills could invoke this API when allowed.
