email skill
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: mailbox
Version: 1.0.0
The skill bundle describes an OpenClaw skill to manage email using a `mailbox-cli`. All instructions and examples in `SKILL.md` are directly related to the stated purpose, including installing the CLI via `npm` and accessing `~/.config/mailbox/auth.json` for credentials. There is no evidence of prompt injection attempts against the agent, data exfiltration, malicious execution beyond standard package installation, persistence mechanisms, or obfuscation. Safety rules for destructive operations are explicitly mentioned, indicating a focus on secure usage.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and used, the agent may be able to read mailbox contents and perform mailbox actions through the configured account.
The skill relies on a local mailbox credential profile, while the registry declares no primary credential or required config path. Email account credentials are high-impact because they can expose private messages and enable account actions.
- Credentials in `~/.config/mailbox/auth.json`
Use a dedicated or least-privilege mailbox account if possible, verify what is stored in the auth file, and require explicit user approval before account-changing actions.
A mistaken or over-broad delete command could remove email from the mailbox.
The skill documents a destructive delete operation. It is aligned with the stated email-management purpose and includes safety rules, but deletion is still a high-impact action.
`mailbox email delete <email_uid> --account-id <account_id> --folder INBOX --confirm --json`
Only allow deletion after reviewing the target account, folder, and email UID; prefer dry-run behavior before using `--confirm`.
Installing or using the wrong or compromised CLI package could expose email credentials or perform unintended mailbox actions.
The skill depends on a globally installed external npm CLI that is not included in the reviewed artifact set. Because that CLI will handle mailbox credentials and email actions, package provenance and version pinning matter.
- mailbox CLI installed (`npm install -g mailbox-cli`)
Verify the npm package source, maintainer, version, and integrity before installing; prefer pinned versions and a trusted project homepage or repository.
Mailbox access could continue through scheduled or repeated monitoring workflows if enabled.
The skill includes a monitoring command and says OpenClaw handles scheduling. This is consistent with email monitoring, but it may create recurring or long-running access to mailbox data depending on how it is invoked.
`mailbox monitor run --json`
Confirm how monitoring is started, stopped, and scheduled before enabling it.
