Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawAIMail MCP Server

v0.2.0

Email infrastructure for AI agents — create inboxes, send and receive real emails, search messages, manage threads. Alternative to AgentMail with MCP server,...

by focusailab@joansongjr · duplicate of @joansongjr/clawaimail

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, README, SKILL.md and index.js all implement an MCP server that proxies requests to api.clawaimail.com and requires a CLAWAIMAIL_API_KEY. This is consistent with the stated purpose (email inbox creation, send/receive, search). However, the registry summary at the top incorrectly lists no required env vars, while server.json, package.json and index.js clearly require an API key; the versions also differ (registry 0.2.0 vs package 0.1.1). These mismatches are unexplained and reduce confidence.
Instruction Scope
SKILL.md instructs only how to configure and run the MCP server and to set CLAWAIMAIL_API_KEY; the runtime code only calls the ClawAIMail API endpoints and does not instruct the agent to read unrelated system files or secrets. There is no instruction to exfiltrate unrelated data.
Install Mechanism
This is effectively an instruction-only skill with an included Node.js package (package.json, index.js, package-lock.json). Dependencies are standard npm packages (@modelcontextprotocol/sdk, zod, etc.) resolved from the npm registry per package-lock.json. There is no opaque download URL or archive extract step in the skill bundle. That said, installing npm dependencies carries normal supply-chain risk; the package-lock should be validated.
Credentials
The code and server.json require CLAWAIMAIL_API_KEY (and optionally CLAWAIMAIL_BASE_URL), which is reasonable and proportionate for an email API integration. The concern is that the registry metadata shown to the user earlier lists 'Required env vars: none' while server.json marks CLAWAIMAIL_API_KEY as required. This discrepancy could mislead users into installing without providing the key, or into trusting inaccurate package metadata. Users should assume the API key is required and sensitive.
Persistence & Privilege
The skill does not request elevated or persistent platform privileges: the 'always' flag is false, it does not claim to modify other skills or system-wide settings, and it runs as a local MCP server process. Autonomous invocation is allowed (platform default) but is not combined with any other high-risk capabilities.
What to consider before installing
This package appears to implement exactly what it claims (an MCP server that calls api.clawaimail.com) and requires a CLAWAIMAIL_API_KEY — which is appropriate for an email service — but there are packaging inconsistencies you should resolve before trusting it. Actions to consider before installing:

1) Verify the publisher and repository (https://github.com/joansongjr/clawaimail) are legitimate and match the skill listing.
2) Treat CLAWAIMAIL_API_KEY as a secret and only provide it to code you trust; consider creating a scoped/test key.
3) Confirm the package version you install (registry shows 0.2.0 while package.json is 0.1.1) and prefer installing from the authoritative npm package or repository rather than an unknown bundle.
4) Inspect package-lock.json for unexpected dependencies and run the server in an isolated environment (container) if possible.
5) If you need higher assurance, ask the publisher to correct the registry metadata (declare CLAWAIMAIL_API_KEY) and align versions; request an integrity-signed release or official npm package.

These steps will reduce supply-chain and metadata-misrepresentation risk.


latest: vk977033ktmbnnv8ezasnx9ph5x82gga3
