Back to plugin

Security audit

ClawMailReader

Security checks across malware telemetry and agentic risk

Overview

The plugin matches its stated read, organize, and draft-only email purpose, but it still needs mailbox credentials and can move/archive mail or create drafts, so permissions should be kept limited.

This skill appears coherent and purpose-aligned. Before installing, decide which accounts it should access, limit the allowed tools to the workflows you want, store provider secrets through OpenClaw SecretRefs or environment variables, and remember that move/archive/draft tools can still change your mailbox even though sending and deletion are not exposed.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.