Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mailbox-skill

v1.0.0

Use when working through the workspace mailbox protocol under .mailbox, including reading inbox items, composing replies in a private scratch area, and deliv...

by LEO (@leoustc)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the files and instructions. The skill only needs read/write access to .mailbox paths and includes a small Python helper; there are no unrelated environment variables, binaries, or cloud credentials requested.
Instruction Scope
Instructions explicitly direct reading inbox files, drafting replies in local scratch files, delivering replies by copying to receiver inbox paths, and deleting processed inbox messages. These actions are appropriate for a mailbox contract, but they are destructive (delete original inbox files) and allow writing to arbitrary filesystem paths provided as inbox destinations — the operator should ensure the agent is permitted to read/write/delete the target paths and that those paths are trusted.
Install Mechanism
Instruction-only skill with no install spec. The only code is a small, clear Python script (generate_message.py) that builds Markdown frontmatter messages. No network downloads or package installs are required.
Credentials
No environment variables, secrets, or credentials are requested. The skill asks only for filesystem paths in messages, which is proportional to its purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent inclusion or modify other skills. It can run autonomously per platform defaults, which is expected for skills.
Assessment
This skill appears to do exactly what it says: read and write mailbox-style Markdown messages under a workspace .mailbox. Before installing, confirm you trust any agents or workspaces whose inbox paths may be used (messages instruct copying files to arbitrary receiver paths) and accept that processed inbox messages may be deleted by the workflow. Review generate_message.py if you want to validate message output formatting. If you do not want agent processes to be able to write or delete files in other workspace directories, do not enable this skill or restrict the agent's filesystem access accordingly.
