Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
cloudflare-mail-reader
v1.0.0Read one mailbox's messages or a paginated mail list from a Cloudflare temporary mail system through the `/admin/mails` admin API and return structured resul...
⭐ 0 · 71 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md, and the included script all target an admin API that returns mailbox messages, which is coherent. However, the skill is named “cloudflare-mail-reader” while the default API URL is mail-api.suilong.online, not an official cloudflare.com host. That can be legitimate (a third-party deployment of a Cloudflare-hosted temporary-mail backend), but it is a source-of-trust ambiguity the user should verify. The registry metadata also declares no required env vars, while SKILL.md lists multiple sensitive environment variables the script will accept.
Instruction Scope
The SKILL.md workflow is focused: collect address/limit/offset, run the included script, pass runtime credentials via flags or env vars, return normalized JSON or CSV. It does not instruct reading unrelated local files or sending data to endpoints other than the configured API URL. It explicitly warns not to store credentials in the skill.
Install Mechanism
No install spec is provided (instruction-only with a bundled script). That is the lowest-risk install mechanism: nothing is downloaded at install time. The included Python script will execute when invoked, but there is no external installer or archive to fetch.
Credentials
The skill accepts multiple sensitive runtime headers/tokens (x-admin-auth, Authorization Bearer, x-user-token, etc.). These are proportionate for an admin mail API, but they are high‑sensitivity secrets and the registry metadata did not mark any required env vars. Important: using the skill will send those tokens to the configured API URL (default: mail-api.suilong.online). If that endpoint is not under your control or you do not trust it, these credentials could be exposed.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and the agent config allows implicit invocation. This is typical for skills. There is no install-time modification of other skills or global agent settings in the bundle.
What to consider before installing
Before installing or invoking:
1) Verify who operates https://mail-api.suilong.online (this is not an official cloudflare.com domain); do not pass admin or long-lived tokens to an endpoint you don't control.
2) Prefer short-lived credentials or scoped tokens, and rotate any token used with this skill.
3) The SKILL.md lists several sensitive environment variables; the registry metadata did not declare them as required. Treat them as sensitive and only supply them at runtime.
4) If you need stronger assurance, review the full read_mails.py script (the provided review was truncated) or run it in an isolated environment where credentials and network access are controlled.
5) If you want to avoid sending secrets to a third party, change --api-url to a backend you control or decline to install the skill.
Like a lobster shell, security has layers — review code before you run it.
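The two checks above that matter most, finding every host the bundled script can talk to (point 4) and refusing to attach admin tokens to a host you have not approved (points 1 and 5), can be scripted. The following is an added example written for this review, not code from the skill or from ClawHub; the SAMPLE_SCRIPT text is a constructed stand-in for read_mails.py (the real script was only partially reviewed), and the allowlist host mail.example.internal and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for the bundled read_mails.py. It only needs to contain
# a URL literal for the checker to find; the real script's body is not known.
SAMPLE_SCRIPT = '''
DEFAULT_API_URL = "https://mail-api.suilong.online"

def fetch(api_url=DEFAULT_API_URL, address=None, limit=20, offset=0):
    url = f"{api_url}/admin/mails?address={address}&limit={limit}&offset={offset}"
    ...
'''

# Header names the scan report lists as runtime credentials (compared case-insensitively).
SENSITIVE_HEADERS = {"x-admin-auth", "authorization", "x-user-token"}

# Matches scheme + host[:port] of any http(s) URL literal in source text.
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d+)?")


def hosts_in_source(source: str) -> set[str]:
    """Every hostname that appears as an http(s) URL literal in the script text."""
    return {urlsplit(m).hostname for m in URL_RE.findall(source)}


def untrusted_hosts(source: str, trusted: set[str]) -> set[str]:
    """Hosts hard-coded in the script that are not on your allowlist.

    A non-empty result means the script can reach an endpoint you did not
    approve, so credentials handed to it may leave your environment.
    """
    return {h for h in hosts_in_source(source) if h not in trusted}


def guard_headers(api_url: str, headers: dict, trusted: set[str]) -> dict:
    """Refuse to send credential headers to a host that is not trusted.

    The check is fail-closed: rather than silently stripping the sensitive
    headers (which would still send the request), it raises so the caller
    notices the misconfigured --api-url. Plain http is rejected because a
    bearer token on the wire is readable by anyone on the path.
    """
    parts = urlsplit(api_url)
    carries_secret = any(name.lower() in SENSITIVE_HEADERS for name in headers)
    if carries_secret and parts.scheme != "https":
        raise PermissionError(f"refusing to send credentials over {parts.scheme}: {api_url}")
    if carries_secret and parts.hostname not in trusted:
        raise PermissionError(f"refusing to send credentials to untrusted host: {parts.hostname}")
    return headers


if __name__ == "__main__":
    # Hypothetical allowlist: the backend you operate yourself.
    TRUSTED = {"mail.example.internal"}
    print("hosts in script:", hosts_in_source(SAMPLE_SCRIPT))
    print("not on allowlist:", untrusted_hosts(SAMPLE_SCRIPT, TRUSTED))
    try:
        guard_headers("https://mail-api.suilong.online", {"x-admin-auth": "redacted"}, TRUSTED)
    except PermissionError as exc:
        print("blocked:", exc)
```

Run it against the real read_mails.py by reading the file into `hosts_in_source`; any host other than the one you pass with --api-url is a reason to decline the skill or patch the script. The allowlist check belongs in whatever wrapper actually invokes the script, so that a forgotten --api-url falls back to a refusal rather than to the third-party default.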
latest: vk977tn5bzfbqhtayk2jjc9s2gh83kbjj
