Skill v1.0.7
ClawScan security
Sendflare · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
- Verdict: Review
- Date: Mar 17, 2026, 1:54 AM
- Confidence: medium
- Model: gpt-5-mini
Summary
The code and docs mostly implement an email/contact skill, but there are multiple inconsistencies (attachment support is promised in the short description but explicitly disabled in SKILL.md and the code; the registry metadata says no credentials are required while the package and config schema require an apiToken), so the package should be verified before use.
Guidance
Before installing or enabling this skill:
1. Ask the publisher to correct the inconsistencies: the short description claims attachment support while SKILL.md and the code say attachments are not supported, and the registry metadata claims no credentials are needed while the package requires an apiToken.
2. Only provide a Sendflare API token if you trust the publisher, and only after reviewing the Sendflare-sdk-ts npm package (check its source and maintainers).
3. The code currently hardcodes the 'from' address to 'noreply@yourdomain.com' (there is a TODO to read it from config). Verify this and configure a verified sender domain in Sendflare, otherwise sends will fail delivery or sender authentication.
4. Do not take the SKILL.md privacy claim (encrypted credential storage) at face value without a platform guarantee: ask how and where credentials are stored and whether they are encrypted at rest.
5. If you proceed, test in a restricted or sandboxed agent with a limited-scope API token, and rotate the token if you stop using the skill.
If the author cannot explain or resolve the description/metadata mismatches, treat the package with caution.
Findings
[base64-block] expected: The pre-scan flagged base64 blocks. They are the payloads of inline source-map comments (//# sourceMappingURL=data:application/json;base64,...) in the compiled dist/*.js files, which is normal for a distributed TypeScript build and not by itself malicious. The flag still deserves a look if base64 content appears anywhere other than those source-map comments.
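To separate expected source-map payloads from unexplained base64, the following added example (not part of the ClawScan report or the skill's own code) decodes each inline sourceMappingURL payload and checks that it parses as a v3 source map, then reports every other long base64 run for manual review. The two dist files it scans are constructed for the example.

```javascript
// Added example: triage base64 runs in a compiled JS bundle. A run that is the
// payload of an inline "//# sourceMappingURL=data:application/json;base64,..."
// comment and decodes to a v3 source map is expected build output; any other
// long base64 run is reported. Sample dist contents below are constructed.

const SOURCEMAP_RE =
  /\/\/# sourceMappingURL=data:application\/json;(?:charset=[\w-]+;)?base64,([A-Za-z0-9+/]+={0,2})/g;
// Any run of 40+ base64 characters, with optional padding.
const BASE64_RE = /[A-Za-z0-9+/]{40,}={0,2}/g;

// True if the blob decodes to a JSON object shaped like a v3 source map.
function isSourceMap(b64) {
  try {
    const map = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return map.version === 3 && Array.isArray(map.sources) && typeof map.mappings === 'string';
  } catch {
    return false;
  }
}

// Classify every long base64 run in one file's contents.
function triageBase64(source) {
  const expected = new Set();
  for (const m of source.matchAll(SOURCEMAP_RE)) {
    if (isSourceMap(m[1])) expected.add(m[1]);
  }
  const suspicious = [];
  for (const m of source.matchAll(BASE64_RE)) {
    const blob = m[0];
    // Skip the source-map payload itself and any sub-run of it.
    if ([...expected].some((e) => e.includes(blob))) continue;
    suspicious.push({ offset: m.index, length: blob.length, preview: blob.slice(0, 24) + '...' });
  }
  return { expected: [...expected], suspicious };
}

// Constructed dist files: one with a legitimate inline source map, one that
// additionally carries an unexplained blob (here just base64 of filler text).
const SAMPLE_MAP_B64 = Buffer.from(JSON.stringify({
  version: 3, file: 'index.js', sources: ['../src/index.ts'], names: [], mappings: 'AAAA,SAAS,CAAC',
})).toString('base64');
const CLEAN_DIST = [
  '"use strict";',
  'exports.sendEmail = async (opts) => client.send(opts);',
  '//# sourceMappingURL=data:application/json;base64,' + SAMPLE_MAP_B64,
].join('\n');
const ODD_DIST = CLEAN_DIST + '\nconst payload = "' + Buffer.from('x'.repeat(48)).toString('base64') + '";';

console.log(JSON.stringify(triageBase64(CLEAN_DIST), null, 2));
console.log(JSON.stringify(triageBase64(ODD_DIST), null, 2));
```

Run it over each file in dist/: an empty `suspicious` list means every base64 run was accounted for by a source map, which is the situation the finding above describes; anything listed is what the pre-scan flag is really asking you to read.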
Review Dimensions
- Purpose & Capability (concern): The package implements sending email and contact management via a Sendflare SDK and declares apiToken/appId configuration in package/skill.yaml and config.schema.json. However, the top-level registry metadata lists no required env vars or credentials, and the skill's short description (in the prompt) claims attachment support while SKILL.md, README and the code explicitly state '不支持发送附件' (sending attachments is not supported). These mismatches make the declared behavior incoherent and should be clarified by the author.
- Instruction Scope (note): SKILL.md and the code limit actions to parsing user messages and calling the Sendflare SDK. The instructions do not request unrelated files or extra credentials. However, SKILL.md asserts '所有 API 凭证均加密存储' (all API credentials are stored encrypted), while the code only holds config in memory during initialization; there is no evidence in the repo of encryption or persistence. Some TODOs (reading the 'from' address from config, appId for contacts) indicate incomplete behavior rather than malicious scope creep.
- Install Mechanism (note): There is no platform install spec, but package.json and package-lock.json declare a dependency on 'Sendflare-sdk-ts' from the npm registry. This is expected for a Sendflare SDK-based skill, but it means an external npm package is pulled at install time; the skill does not download arbitrary archives or use obscure URLs. Verify the Sendflare-sdk-ts package source before installing.
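The "no arbitrary archives or obscure URLs" observation above can be checked mechanically from the lockfile rather than by eye. The following added example (not ClawHub's tooling or the skill's code) audits a package-lock.json "packages" map (lockfileVersion 2 or 3): every dependency must resolve to the public npm registry over HTTPS and carry a sha512 integrity hash, and any entry that declares an install script is flagged. The lockfile it audits is constructed, and the helper package in it is hypothetical.

```javascript
// Added example: audit what a package-lock.json will pull at install time.
// Lockfile v2/v3 lists every installed package under "packages", keyed by
// path, with "resolved" (source URL), "integrity" (subresource hash) and
// "hasInstallScript" when the package runs preinstall/install/postinstall.
// The sample lockfile below is constructed.

const ALLOWED_REGISTRY = 'https://registry.npmjs.org/';

function auditLockfile(lock) {
  const problems = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || entry.link) continue; // root project / workspace symlink
    const name = path.replace(/^.*node_modules\//, '');
    if (typeof entry.resolved !== 'string') {
      problems.push({ name, reason: 'no resolved URL' });
    } else if (!entry.resolved.startsWith(ALLOWED_REGISTRY)) {
      problems.push({ name, reason: `non-registry source: ${entry.resolved}` });
    }
    if (!/^sha512-[A-Za-z0-9+/]+={0,2}$/.test(entry.integrity || '')) {
      problems.push({ name, reason: 'missing or non-sha512 integrity hash' });
    }
    if (entry.hasInstallScript) {
      problems.push({ name, reason: 'runs an install script; read it before installing' });
    }
  }
  return problems;
}

// Constructed lockfile: the SDK dependency the skill declares, plus a
// hypothetical helper pulled from git with no integrity hash and an install hook.
const SAMPLE_LOCK = {
  name: 'sendflare-skill',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sendflare-skill', dependencies: { 'Sendflare-sdk-ts': '^1.0.0', 'some-helper': '*' } },
    'node_modules/Sendflare-sdk-ts': {
      version: '1.0.0',
      resolved: 'https://registry.npmjs.org/Sendflare-sdk-ts/-/Sendflare-sdk-ts-1.0.0.tgz',
      integrity: 'sha512-' + 'A'.repeat(86) + '==',
    },
    'node_modules/some-helper': {
      version: '0.0.1',
      resolved: 'git+ssh://git@github.com/example/some-helper.git#0123abcd',
      hasInstallScript: true,
    },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

An empty result is what the review above reports for this skill; a non-empty one tells you exactly which dependency to open before running `npm install`. Pair it with reading the resolved tarball's contents, since a clean lockfile only proves where code comes from, not what it does.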
- Credentials (concern): The skill legitimately requires a Sendflare API token (apiToken) and optionally an appId for contact operations; those are the only credentials referenced in the code and package files. However, the registry metadata incorrectly lists no required env vars or credentials, which is inconsistent and could lead users to install without providing the necessary token. No other unrelated secrets are requested.
- Persistence & Privilege (ok): The skill does not request 'always: true' or other elevated or system-wide privileges. It declares network permission to talk to api.Sendflare.com in skill.yaml. In the provided sources it does not attempt to modify other skills or system config.
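The Credentials and Persistence & Privilege findings above, together with the hardcoded 'from' address noted in the guidance, are all cross-checks between what the skill declares and what its files contain. The following added example (not ClawHub's scanner or the skill's own code) mechanises those three checks. Its inputs are plain objects of the kind you would get from parsing the registry metadata, config.schema.json and skill.yaml, plus the skill's source concatenated into one string. The sample inputs are constructed, and the field names `requiredCredentials` and `permissions.network` are assumptions about the manifest format, not ClawHub's actual schema.

```javascript
// Added example: cross-check a skill's declared metadata against its own files.
// Field names on the registry/skill.yaml objects are assumed; sample data is
// constructed to mirror the findings in the review.

const SECRET_KEY_RE = /token|secret|password|apikey|api_key/i;
const URL_HOST_RE = /https?:\/\/([A-Za-z0-9.-]+)/g;
const EMAIL_LITERAL_RE = /['"`]([\w.+-]+@[\w-]+(?:\.[\w-]+)+)['"`]/g;

function checkSkillConsistency({ registry, configSchema, skillYaml, sourceText }) {
  const issues = [];

  // 1. Credentials: a secret-like key that config.schema.json requires must also
  //    be declared in the registry metadata, or users install without it.
  const declared = new Set(registry.requiredCredentials || []);
  for (const key of configSchema.required || []) {
    if (SECRET_KEY_RE.test(key) && !declared.has(key)) {
      issues.push(`config.schema.json requires "${key}" but registry metadata declares no credential for it`);
    }
  }

  // 2. Network: every host the code contacts must be in the declared allowlist.
  const allowed = new Set((skillYaml.permissions?.network || []).map((h) => h.toLowerCase()));
  for (const m of sourceText.matchAll(URL_HOST_RE)) {
    const host = m[1].toLowerCase();
    if (!allowed.has(host)) issues.push(`code contacts ${host}, not declared in skill.yaml network permissions`);
  }

  // 3. Hardcoded sender: an email literal in the code should come from config
  //    (the review notes a TODO for exactly this), not be baked into the skill.
  for (const m of sourceText.matchAll(EMAIL_LITERAL_RE)) {
    issues.push(`hardcoded email address ${m[1]} in source; should be read from config`);
  }
  return [...new Set(issues)];
}

// Constructed inputs mirroring the review: schema requires apiToken, registry
// declares nothing, network host is declared, 'from' address is hardcoded.
const SAMPLE_SKILL = {
  registry: { requiredCredentials: [] },
  configSchema: {
    type: 'object',
    required: ['apiToken'],
    properties: { apiToken: { type: 'string' }, appId: { type: 'string' } },
  },
  skillYaml: { permissions: { network: ['api.Sendflare.com'] } },
  sourceText: [
    "const BASE = 'https://api.Sendflare.com/v1';",
    '// TODO: read from config',
    "const from = 'noreply@yourdomain.com';",
  ].join('\n'),
};

console.log(checkSkillConsistency(SAMPLE_SKILL));
```

The two issues it reports for the constructed input are the same two the review raises by hand (undeclared apiToken, hardcoded sender); adding a fetch to any host outside the skill.yaml allowlist produces a third, which is the check that backs the "does not use obscure URLs" and network-permission statements.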
