ClawHub

Himalaya

v1.0.0

CLI to manage emails via IMAP/SMTP. Use `himalaya` to list, read, write, reply, forward, search, and organize emails from the terminal. Supports multiple accounts and message composition with MML (MIME Meta Language).

61· 36.8k·1.4k current·1.4k all-time
byAndré Lamelas@lamelas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (CLI email client) matches the instructions: all commands are himalaya CLI invocations, configuration references (~/.config/himalaya/config.toml), and message composition with MML. The metadata's brew install entry is proportional to installing a CLI tool.
Instruction Scope
SKILL.md instructs the agent to run himalaya commands and to read/use the user's config file (~/.config/himalaya/config.toml). It also documents mechanisms for retrieving passwords via commands (backend.auth.cmd) and using local file paths for attachments. These are expected for an email client but are noteworthy because they mean the CLI (when invoked) may read local files and execute configured retrieval commands.
Install Mechanism
There is no aggressive install script in the registry; metadata suggests a brew formula (himalaya) which is a standard package distribution method. No downloads from arbitrary URLs or extracted archives are present in the skill bundle.
Credentials
The skill declares no required environment variables or credentials. However, the configuration examples show storing credentials in the config file (including raw passwords) or fetching them via commands like 'pass show ...' or keyring. Those are normal for an email client but mean the running CLI will access secrets supplied in the config or returned by configured commands—so credential access is proportional but sensitive.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills/system-wide settings. Autonomous invocation is allowed by default (platform behavior) but not combined here with other red flags.
Assessment
This skill is an instruction-only helper for the Himalaya CLI and appears internally consistent. Before installing/using it: 1) Verify you trust the upstream Himalaya project and the brew formula source (homepage points to the GitHub repo). 2) Do not put raw passwords in ~/.config/himalaya/config.toml; prefer a system keyring or a password manager command (e.g., pass) and ensure any command you configure to emit passwords is trusted. 3) Be aware that composing messages with attachments or MML may cause the CLI to read arbitrary local file paths you specify—avoid allowing attachments that reference sensitive files. 4) Check file permissions on your config (it will contain credentials or commands to retrieve them). 5) If you want tighter control, run the CLI manually rather than granting an autonomous agent unrestricted ability to invoke it.

Like a lobster shell, security has layers — review code before you run it.

latestvk972c3cy05pgq2pw4017bykcc57ywcwr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis
Binshimalaya

Install

Install Himalaya (brew)
Bins: himalaya
brew install himalaya

Comments