AgentSend Email
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for giving an agent an email inbox, but users should understand that it installs a third-party MCP runtime with email, webhook, and credential-storage capabilities.
This skill appears purpose-aligned and not malicious from the provided artifacts. Before installing, be comfortable with a third-party MCP package handling an AgentSend inbox, use a dedicated API key or sandbox account, confirm outbound email details, and only register webhook URLs you control.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may send email or connect inbox events to a webhook when the user asks it to use those functions.
The skill exposes tools that can send outbound email and configure webhooks. This is purpose-aligned, but these actions can affect external recipients or route events outside the inbox.
`send_email`: send plain text or HTML email ... `register_webhook`: register a webhook URL for real-time events
Use the skill for deliberate email workflows, verify recipients and message content before sending, and only register webhook URLs you control.
The agent can operate an AgentSend email account tied to the provided API key or a locally stored sandbox credential.
The skill can use a service API key or create and persist sandbox credentials. This is disclosed and fits the email-inbox purpose, but it is still delegated account authority.
`AGENTSEND_API_KEY` is optional. If it is set, use that account. If `AGENTSEND_API_KEY` is not set, the MCP server auto-provisions a sandbox account on first run and stores credentials in `~/.agentsend/credentials.json`.
Use a dedicated AgentSend key or sandbox account, understand the sandbox limits, and remove ~/.agentsend/credentials.json if you no longer want the local credential retained.
Installing the skill means trusting the @agentsend/mcp package to handle email operations and credentials correctly.
Runtime behavior is delegated to an external npm MCP package rather than code included in this artifact set. This is normal for this kind of skill, but package provenance matters.
node | package: @agentsend/mcp | creates binaries: agentsend-mcp
Install from the official package source and review the package or vendor documentation if your email workflows are sensitive.
Email contents and inbox events may be handled by the agent and, for webhooks, sent to a configured endpoint.
The skill can expose email contents to the agent and can configure webhook event delivery. The artifact includes a mitigating rule to only use user-controlled webhook URLs.
`get_email`: fetch the full body, headers, and attachment metadata of a message ... Register webhooks only for URLs the user controls.
Avoid using the skill with highly sensitive messages unless you trust the service and only configure webhooks to endpoints you own.