Email check and vaildation
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent and purpose-aligned, but it sends email addresses to Apipick and uses an Apipick API key that can consume credits.
This skill appears safe for its stated purpose. Before installing, make sure you are comfortable sharing checked email addresses with Apipick and using an API key that may consume credits.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Apipick API key may be used to spend validation credits, so it should be treated like a credential.
The skill uses a service credential to authenticate requests. This is expected for the Apipick integration, but the key can authorize API usage and consume account credits.
Requires an apipick API key (x-api-key)... Use `$APIPICK_API_KEY` env var as the `x-api-key` header value; if not set, ask the user for their apipick API key
Use a dedicated Apipick key with limited exposure, store it in the APIPICK_API_KEY environment variable, and avoid pasting long-lived secrets into chat when possible.
Email addresses you ask to validate will be shared with Apipick for checking.
The skill sends the email address being checked to a third-party API. The endpoint and payload are clearly disclosed and match the purpose.
POST https://www.apipick.com/api/check-email ... {"email": "user@example.com"}Only validate addresses you are comfortable sending to Apipick, and review Apipick's privacy and retention terms for sensitive or bulk lists.