ClawHub

Mailgun Simple

v2.2.0

Send outbound emails via the Mailgun API. Uses MAILGUN_API_KEY, MAILGUN_DOMAIN, MAILGUN_REGION, and MAILGUN_FROM.

2· 705·0 current·0 all-time
byCoder AI@lksrz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required env vars (MAILGUN_API_KEY, MAILGUN_DOMAIN, MAILGUN_REGION, MAILGUN_FROM), required binary (node), and npm deps (mailgun.js, form-data) all directly relate to sending Mailgun emails.
Instruction Scope
SKILL.md and scripts/send_email.js only instruct running the Node script and reading the declared environment variables; the code uses only those vars and Mailgun endpoints and does not access unrelated files, paths, or external endpoints.
Install Mechanism
Dependencies are installed via npm (mailgun.js@12.7.0 and form-data@4.0.1). This is the expected mechanism for a Node Mailgun integration; no arbitrary URL downloads or extract operations are present.
Credentials
Requested environment variables are minimal and necessary for Mailgun usage. MAILGUN_API_KEY is the primary credential; MAILGUN_FROM, DOMAIN, and REGION are appropriate and justified.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills or system-wide settings. Default autonomous invocation is allowed (platform default) but not excessive here.
Assessment
This skill appears to do exactly what it says: it needs your Mailgun API key and domain to send email. Before installing, consider: (1) only provide a Mailgun API key you trust the skill to use—prefer a scoped/limited key if Mailgun supports it; (2) be aware the skill can send emails to arbitrary recipients while it has the key, so don't expose highly-privileged keys in shared environments; (3) npm dependencies carry normal supply-chain risk—review versions if you need stricter controls; (4) if you plan to allow autonomous invocation, limit where it can send or require explicit confirmation to avoid accidental mass sends. Rotate the API key if you later remove the skill or suspect it was exposed.

Like a lobster shell, security has layers — review code before you run it.

latestvk977dzaeayjm00ckvwysz9ppnd81dg9z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvMAILGUN_API_KEY, MAILGUN_DOMAIN, MAILGUN_REGION, MAILGUN_FROM
Primary envMAILGUN_API_KEY

Install

Install Mailgun SDK dependenciesnpm i -g mailgun.js@12.7.0 form-data@4.0.1

Comments