ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Email

v1.2.0

Email assistant skill — check emails, AI summaries, daily digests. Supports Gmail, Outlook/M365, Google Workspace. Users interact through their chat platform...

0· 227·0 current·0 all-time
by@jundonggit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code (imap, oauth, ai, store, server) implements an email assistant that fetches mail via IMAP and Microsoft Graph and sends content to an AI service for summarization — this matches the skill description. Required binary (node) and npm dependencies (imapflow, better-sqlite3) are coherent. Minor inconsistency: registry metadata said “no install spec” but SKILL.md contains an npm install step; this is likely an authoring mismatch rather than malicious.
!
Instruction Scope
SKILL.md and UI instruct collecting app passwords and OAuth tokens to access users' mailboxes and to send email text to an AI API. The README explicitly claims “local encrypted storage,” but the implementation stores passwords and tokens in plaintext in data/email.db and config.json (store.js and config.js). The skill will send email bodies (or previews) to the configured AI API base — this is expected for summarization but is a sensitive data flow and can leak private email contents to whichever AI endpoint is configured. SKILL.md also suggests guiding users to provide App Passwords via chat (Telegram/WhatsApp/Feishu), which risks exposing credentials in transit or in chat history.
Install Mechanism
No remote arbitrary download is used: SKILL.md includes an npm install step and package.json lists dependencies from npm (imapflow, better-sqlite3). These are standard, traceable packages. better-sqlite3 has native components (prebuilds or build steps), so installation may require a suitable environment (node version, build tools). No suspicious external URLs or extract-from-URL installers were found.
!
Credentials
Registry declares no required env vars, but config.js supports environment overrides via EMAIL_SKILL_<KEY>. The skill requires user-provided AI API keys (ai_api_key) and optionally Microsoft client id/tenant (ms_client_id, ms_tenant_id). Those credentials are necessary for the stated functionality, but the code stores them locally in plaintext config.json and email.db. Also the ai_api_base is configurable — a malicious or misconfigured base could receive full email content. The number and type of credentials requested (email passwords, OAuth tokens, AI API key) are proportionate to an email summarizer, but the storage method and how users are asked to provide them (chat messages) are not.
Persistence & Privilege
The skill does not request global or always-on privileges (always: false). It persists its own data under <SKILL_DIR>/data (email.db, config.json). The web UI generates and stores a web_token in the config file and accepts the token via cookie or URL query parameter; exposing tokens in query strings can leak via logs if the port is forwarded. The skill does not modify other skills or system-wide settings.
What to consider before installing
What to consider before installing/using this skill: - The skill will ask you for mailbox access: OAuth tokens or app passwords. These are stored locally in data/email.db (plaintext). Do not install if you require encrypted-at-rest storage unless you add/enforce encryption yourself. - SKILL.md claims local encrypted storage, but the code does not encrypt secrets—this is a false claim. Treat stored passwords/tokens as plaintext on disk. - The skill sends email text to the configured AI API (ai_api_base). Only set ai_api_base to a trusted provider (and prefer keeping sensitive content off third-party services). If you must use external summarization, prefer a provider you control or one with appropriate privacy commitments. - Prefer OAuth (Outlook/M365) over app passwords when possible. Avoid pasting app passwords into public or untrusted chat channels; the skill’s UX sometimes expects the user to supply passwords via chat which can be insecure. - The web UI exposes an access token and accepts it via query parameter; run the web UI only bound to localhost and avoid port-forwarding to the public internet. Protect <SKILL_DIR>/data and config.json with strict filesystem permissions. - If you need strong assurances (encrypted storage, audited network endpoints), review/modify the code: implement encrypted credential storage, restrict ai_api_base to allowed hosts, and add logging/consent notices before sending email bodies externally. If you’re not comfortable auditing or modifying the code yourself, run the skill in an isolated environment (VM/container) or decline installation.

Like a lobster shell, security has layers — review code before you run it.

emailvk97aybvqmcpd5q4mprxqh1f8fh82r77mimapvk97aybvqmcpd5q4mprxqh1f8fh82r77mlatestvk97aybvqmcpd5q4mprxqh1f8fh82r77mproductivityvk97aybvqmcpd5q4mprxqh1f8fh82r77mweb-uivk97aybvqmcpd5q4mprxqh1f8fh82r77m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis
Binsnode

Comments