Skill v2.2.0

ClawScan security

Mailgun Simple · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Feb 18, 2026, 9:22 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, install steps, and required environment variables are consistent with its stated purpose of sending email via the Mailgun API.
Guidance
This skill appears to do exactly what it says: it needs your Mailgun API key and domain to send email. Before installing, consider: (1) only provide a Mailgun API key you trust the skill to use—prefer a scoped/limited key if Mailgun supports it; (2) be aware the skill can send emails to arbitrary recipients while it has the key, so don't expose highly-privileged keys in shared environments; (3) npm dependencies carry normal supply-chain risk—review versions if you need stricter controls; (4) if you plan to allow autonomous invocation, limit where it can send or require explicit confirmation to avoid accidental mass sends. Rotate the API key if you later remove the skill or suspect it was exposed.

Review Dimensions

Purpose & Capability
ok: Name/description, required env vars (MAILGUN_API_KEY, MAILGUN_DOMAIN, MAILGUN_REGION, MAILGUN_FROM), required binary (node), and npm deps (mailgun.js, form-data) all directly relate to sending Mailgun emails.
Instruction Scope
ok: SKILL.md and scripts/send_email.js only instruct running the Node script and reading the declared environment variables; the code uses only those vars and Mailgun endpoints and does not access unrelated files, paths, or external endpoints.
Install Mechanism
ok: Dependencies are installed via npm (mailgun.js@12.7.0 and form-data@4.0.1). This is the expected mechanism for a Node Mailgun integration; no arbitrary URL downloads or extract operations are present.
Credentials
ok: Requested environment variables are minimal and necessary for Mailgun usage. MAILGUN_API_KEY is the primary credential; MAILGUN_FROM, MAILGUN_DOMAIN, and MAILGUN_REGION are appropriate and justified.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges or modify other skills or system-wide settings. Default autonomous invocation is allowed (platform default) but not excessive here.