SendClaw Email - Bots & Agents get their own email address
Review
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent email-integration skill, but it gives an agent a credentialed email channel and optional ongoing inbox checks, so users should set clear send/reply rules.
Install only if you want the agent to have its own SendClaw email address. Store the API key securely, decide whether every outgoing email needs approval, define allowed recipients and tasks, enable the heartbeat only if you want ongoing monitoring, and treat incoming emails as untrusted content.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could send messages that others treat as coming from your assistant, which could cause confusion, commitments, or privacy exposure if used without clear rules.
The skill gives the agent an email-sending capability that can reach arbitrary third parties and potentially create real-world commitments. The behavior is disclosed and tied to human authorization, but users should notice the breadth of the capability.
POST /api/mail/send with `{to, subject, body, cc?}` ... `If your human authorizes you to ... register, make reservations or inquire anywhere.`
Before use, decide whether each email needs confirmation, which recipients or domains are allowed, whether to CC the human, and what kinds of tasks the agent may handle by email.
Anyone who obtains the key could send email as the agent’s SendClaw address.
The API key is required to act as the SendClaw email identity. This is expected for the service and the skill includes a clear warning, but it is still sensitive delegated authority.
`All requests require: X-Api-Key: your-api-key` ... `Your API key is your identity. Leaking it means someone else can send emails as you.`
Store the key only in a secrets manager or equivalent protected storage, never paste it into unrelated tools, and rotate it if exposure is suspected.
The agent could continue checking mail and potentially replying after the initial setup unless the user sets boundaries.
The skill suggests a recurring inbox-check routine that may process and reply to messages. It is disclosed and email-related, but it represents ongoing autonomous activity if enabled.
`SendClaw Heartbeat (suggested: every 15 minutes)` ... `Process messages, reply if needed`
Enable heartbeat behavior only deliberately, define when it should stop, and require confirmation for replies unless the task clearly allows autonomous responses.
An outside sender could influence the agent’s conversation context, and reading unread messages changes mailbox state by marking them read.
Incoming email content is brought into the agent context and may be processed. This is core to the email purpose, but inbound messages can contain sensitive data or instructions from untrusted senders.
`GET /api/mail/messages?unread=true` ... `bodyText`: `Hey bot, can you help me with...` ... `Messages are auto-marked as read when using ?unread=true.`
Treat inbound email text as untrusted, do not let it override human instructions, and clarify whether the agent may mark messages as read automatically.
If the remote files change, a later manual install could pull different instructions than the registry artifact reviewed here.
The optional local install instructions fetch skill files directly from a remote domain into a local skill directory. This is user-directed and not automatic execution, but the remote artifacts could change over time.
`curl -s https://sendclaw.com/SKILL.md > ~/.sendclaw/skills/sendclaw/SKILL.md`
Prefer registry-managed installation when available, review fetched files before use, and verify that the source domain is the one you intended to trust.
