Security audit
ClawMailReader
Security checks across malware telemetry and agentic risk
Overview
The plugin matches its stated read, organize, and draft-only email purpose, but it still needs mailbox credentials and can move/archive mail or create drafts, so permissions should be kept limited.
This skill appears coherent and purpose-aligned. Before installing, decide which accounts it should access, limit the allowed tools to the workflows you want, store provider secrets through OpenClaw SecretRefs or environment variables, and remember that move/archive/draft tools can still change your mailbox even though sending and deletion are not exposed.
VirusTotal
60/60 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
