critical
suspicious.env_credential_access
- Location
- index.js:27
- Finding
- Environment variable access combined with network send.
163mail
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.insecure_tls_verification
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
Anyone installing or inspecting the skill could gain access to that mailbox authorization code, and the agent may use the bundled account by default.
Why it was flagged
The package includes a populated mailbox configuration with authorization-code fields instead of only the documented template.
Skill content
"email": "zong.yz@163.com", "imapPassword": "[redacted]", "smtpPassword": "[redacted]"
Recommendation
Remove config.json from the package, revoke the exposed 163 authorization code, and require each user to provide their own credentials through a secure config path or environment variables.
ConcernHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
If this script is run, it can send an email from the configured account without the user explicitly choosing the recipient or message content.
Why it was flagged
This included standalone script sends a prewritten message to a hardcoded recipient using the configured mailbox, rather than requiring a user-provided recipient and body.
Skill content
skill.utils.sendEmail('zongxuliang@163.com', '好好看下这篇文章', email).then(result => {Recommendation
Remove hardcoded mail-sending scripts or convert them into documented examples that require explicit user-supplied recipient, subject, body, and confirmation.
ConcernHigh Confidence
ASI05: Unexpected Code ExecutionWhat this means
Running this file can immediately create and send an attachment from the configured mailbox, even though attachment sending is not part of the documented command set.
Why it was flagged
The file calls its send function at top level, creating a document and sending it as an attachment to a fixed address whenever the script is executed.
Skill content
to: 'zongxuliang@163.com', ... attachments: [{ filename: 'OpenClaw_Introduction.docx', path: filePath }] ... createAndSendWordEmail();Recommendation
Do not ship self-executing helper scripts that perform account actions; require an explicit command path, user parameters, and confirmation for sending attachments.
ConcernHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
A network attacker could impersonate the mail server more easily and potentially observe mailbox credentials or email contents.
Why it was flagged
The IMAP client disables TLS certificate verification for a credential-bearing connection.
Skill content
tlsOptions: { rejectUnauthorized: false },Recommendation
Remove rejectUnauthorized: false and rely on normal certificate validation unless the user explicitly configures a trusted certificate exception.
Findings (3)
critical
suspicious.exposed_secret_literal
- Location
- index.js:40
- Finding
- File appears to expose a hardcoded API secret or token.
warn
suspicious.insecure_tls_verification
- Location
- index.js:44
- Finding
- HTTPS certificate verification is disabled.