suspicious.env_credential_access
- Location: scripts/send.mjs:18
- Finding: Environment variable access combined with network send.
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.env_credential_access
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could send an email the user did not intend, but the documented workflow requires review and approval first.
The skill can cause a real outbound email, which is an external action. The artifact discloses this and instructs agents to require explicit approval.
This skill is send-only, but it is still externally mutating. ... Use `--send` only after the user explicitly approves that exact recipient, subject, and body.
Use the dry-run output first, approve the exact recipient, subject, and body, and only then allow `--send`.
Anyone or any agent process with access to the Resend API key and allowed recipients could send mail through that Resend account.
The script uses a Resend API key from the process environment to authorize email sends. This is expected for the stated purpose, but it is still delegated account authority.
const key = (process.env.RESEND_API_KEY || "").trim(); ... Authorization: `Bearer ${apiKey}`
Use a least-privilege Resend key, keep it out of shared environments, set RESEND_ALLOWED_TO narrowly, and rotate the key if exposed.
Users have less external provenance information for the package owner or project history.
The registry metadata does not provide an upstream source or homepage. The included script has no dependencies and is directly reviewable, so this is a provenance note rather than a behavior concern.
Source: unknown; Homepage: none
Review the included script before use and prefer installing from trusted owners or packages with clear source provenance when available.