eMail manager lite
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A network attacker or impersonated IMAP endpoint could potentially capture mailbox credentials or expose email contents.
The script authenticates to IMAP/SMTP with the user's email password or app password, while the IMAP configuration disables server certificate verification.
const EMAIL_PASS = process.env.EMAIL_PASS; ... tlsOptions: { rejectUnauthorized: false }
Remove `rejectUnauthorized: false` by default, make any self-signed-certificate mode an explicit opt-in that warns the user, and declare EMAIL_USER/EMAIL_PASS as credential requirements in the metadata.
If invoked with the wrong recipient, body, UID, or folder, the agent could send an unintended email or move the wrong message.
The skill can send outbound email and move mailbox messages when invoked. This matches the stated purpose, but these are high-impact account actions.
await transporter.sendMail({ from: EMAIL_USER, to, subject, text }); ... await connection.moveMessage(uid, targetFolder);
Use this skill only with explicit user confirmation for send and move operations, and verify recipients, message content, UIDs, and target folders before running commands.
Dependency changes or compromised packages could affect code that has access to mailbox data and credentials.
The documented npm install will fetch third-party packages using semver ranges. This is expected for the Node email functionality, but the dependency chain handles email credentials and message content.
"dependencies": { "imap-simple": "^5.1.0", "mailparser": "^3.9.3", "nodemailer": "^7.0.13" }
Pin dependency versions with a lockfile, install from trusted registries, and review dependency updates before using the skill with real email credentials.
Sensitive email text may enter the agent context, and malicious emails could try to influence the agent if treated as instructions.
Read/search commands print email headers and body previews into the agent-visible output. Email content is private and may also contain untrusted instructions.
console.log(`From: ${mail.from.text}`); ... console.log(`\n📝 Body:\n${mail.text.substring(0, 500)}${mail.text.length > 500 ? '...' : ''}`);
Treat retrieved email content as data, not instructions; avoid broad searches unless needed, and redact sensitive message content before sharing it further.
