ClawHub

Thunderbird

v0.1.1

Read and search local Mozilla Thunderbird mail storage on disk. Use when working with Thunderbird profiles, extracting emails from local folders or IMAP cach...

0· 213·0 current·0 all-time
byTilen Komel@komelt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included CLI script and README: the skill locates Thunderbird profiles, parses prefs.js, reads mbox/Maildir under Mail/ and ImapMail/, and can list/search messages and attachments — all expected for an offline Thunderbird inspector.
Instruction Scope
SKILL.md instructs running the bundled Python script and documents the exact files/paths used (prefs.js, Mail/, ImapMail/, mbox/maildir). The instructions do not request unrelated files, network calls, or hidden endpoints. The script can save attachments to disk when the user supplies --save-attachments (expected behavior).
Install Mechanism
No install spec — instruction-only with a bundled Python script. Nothing is downloaded or written to disk by an installer; risk from install mechanism is minimal.
Credentials
The skill declares no required environment variables or credentials. The code reads APPDATA from the environment to find Windows profile roots, which is appropriate for locating Thunderbird data and is proportionate to the purpose.
Persistence & Privilege
always:false and no requests to modify other skills or agent-wide config. The skill runs on demand and does not request permanent elevated presence.
Assessment
This skill legitimately reads local Thunderbird profile files (prefs.js, mail folders/caches) and can extract message bodies and attachments. Before installing or letting an agent use it, be aware that it will expose email content from any profile it can access — sensitive personal or corporate data may be read. The skill does not request external credentials or perform network exfiltration in the provided code, but review and test the script in a safe environment if you have privacy concerns, and avoid running it under an agent with broad filesystem access unless you explicitly trust it. If you want stricter control, run the script manually (not via an autonomous agent) and point it at a single profile path rather than allowing automatic profile discovery.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dmvkj9v6jg920sdgwwp9xrx82r777

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments