Aliyun Mail
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user selects the wrong attachment or recipient, private local files could be emailed externally.
The tool can read user-specified local files and include them in an outgoing email. This is the advertised attachment feature, but it can transmit private files if invoked with the wrong paths or recipient.
with open(filepath, "rb") as attachment:
    ...
    part.set_payload(attachment.read())
...
server.sendmail(msg['From'], to_email, text)
Review recipients, message content, and attachment paths before sending. Consider using a dedicated directory or allowlist for files that may be attached.
Any person or agent process able to invoke this configured skill may be able to send email through the configured account.
The skill requires SMTP account credentials so it can authenticate and send mail as the configured account. This is expected for an SMTP email-sending skill, but it grants delegated authority over that mailbox.
"username": "your-email@yourdomain.com", "password": "your-app-password"
Use an app-specific password or dedicated mailbox with limited permissions, keep the config file private, and rotate credentials if the environment is shared or compromised.
A future dependency version change could affect behavior or introduce vulnerabilities.
The documented dependency installation uses unpinned package names. These packages are purpose-aligned for Markdown conversion and highlighting, but unpinned installs can change over time.
pip install markdown pygments
Install dependencies from a trusted package index and consider pinning known-good versions in a controlled environment.
