Email Daily Summary Zc
Warn
Audited by ClawScan on May 18, 2026.
Overview
The skill’s email-summary purpose is clear, but it asks for broad control of logged-in email browser sessions, optional AI processing of email content, and scheduled background runs without enough scoping or credential safeguards.
Review carefully before installing. Only use this with accounts you are comfortable exposing to browser automation, do not type passwords into command-line examples, avoid optional AI extraction unless you understand where email content is sent, and set up cron/launchd only if you want ongoing daily background access.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could access email as the logged-in user, and entering a password on the command line can expose it through shell history, logs, or process inspection.
The skill directs use of existing logged-in email browser sessions and shows password entry as a CLI argument. Email sessions and passwords are high-impact authority, and the artifacts do not define a read-only account boundary or safe credential-handling control.
Using `--browser real` mode lets you reuse the email session already logged in to your Chrome browser ... `browser-use input <password_input_index> "your-password"`
Avoid command-line passwords, prefer provider-approved OAuth/app-specific read-only access, and require explicit user confirmation for any account access.
A mistaken or manipulated browser automation step could operate inside the user’s logged-in mailbox with more power than just reading messages for a summary.
The allowed tool scope is a wildcard for browser-use, and the instructions include raw JavaScript/Python execution against webmail pages. This is broader than a constrained summary workflow and lacks documented approval gates for non-read actions.
allowed-tools: Bash(browser-use:*) ... `browser-use eval "... document.querySelectorAll('tr.zA') ..."` ... `browser-use python "... browser.scroll('down') ..."`
Restrict allowed browser commands to the minimum needed for read-only summarization and require confirmation before clicks, form input, downloads, deletions, sends, or other mutations.
Email sender names, subjects, snippets, or summaries may leave the local browser environment for AI processing.
The AI extraction step could route sensitive email metadata/snippets through an external browser-use or AI provider, but the artifacts do not identify the provider, retention policy, or data minimization boundaries.
If an API key is configured, AI can be used to generate email summaries automatically ... `browser-use extract "提取前 10 封邮件的发件人、主题和摘要,按重要性排序"`
Clearly disclose the AI/provider destination and retention behavior, ask for consent before sending email content, and minimize or redact sensitive data.
Email details may remain on disk in screenshots or logs after the summary is generated.
The workflow stores screenshots and logs derived from email content. This is aligned with generating summaries, but the stored files may contain sensitive mailbox information and no retention or protection guidance is provided.
`OUTPUT_DIR="./email_summaries"` ... `browser-use screenshot "$OUTPUT_DIR/inbox_$DATE.png"` ... `StandardOutPath` `/tmp/email_summary.log`
Store outputs in a user-approved private location, avoid logging sensitive content, and provide cleanup/retention instructions.
The summary job can keep running every day in the background after setup.
The skill documents cron and launchd scheduling for daily execution. This is disclosed and purpose-aligned, but it is persistent automation that continues reading/logging email-derived data until removed.
`0 9 * * * /path/to/email_daily_summary.sh >> /path/to/logs/email_summary.log 2>&1` ... `launchctl load ~/Library/LaunchAgents/com.email.dailysummary.plist`
Provide clear unload/disable commands, make scheduling opt-in, and remind users where logs and summaries are stored.
Users may install a moving third-party dependency before using the skill.
The skill depends on installing an external browser automation CLI, but the package/version is not pinned and the registry requirements list no required binaries or install spec.
`uv pip install browser-use[cli]` ... `browser-use install`
Declare the dependency in metadata, pin known-good versions, and document the trusted package source.
