Mailinator - Free, Disposable, Email

Pending

Audited by VirusTotal on May 11, 2026.

Overview

No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the CLI means trusting code that was not available in this review.

Why it was flagged

The skill directs users to execute an external npm package, but no package code or install spec is included in the reviewed artifacts.

Skill content

npm install -g mailinator-cli

# Or use with npx (no install)
npx mailinator-cli inbox test public

Recommendation

Verify the npm package publisher and version before installing, prefer pinned versions, and avoid global installation unless you trust the package.

What this means

If configured with a Mailinator API token, the agent or CLI may be able to read private-domain inboxes available to that token.

Why it was flagged

Private-domain access requires an API token, which can grant access to non-public Mailinator inboxes.

Skill content

Subscribers to the Mailinator service may provide their API token (via Auth header or token= query parameter) and access their private domains.

Recommendation

Use the least-privileged token available, prefer an Authorization header or environment variable over URL query parameters, and revoke the token when no longer needed.

What this means

Email metadata or references may persist locally after use, which could matter if messages contain sensitive test data, links, or codes.

Why it was flagged

The skill says inbox data may be cached locally, but the artifact does not specify cache location, retention, or cleanup behavior.

Skill content

**Smart Caching**: Local inbox cache for fast email retrieval by reference number

Recommendation

Avoid sending sensitive production secrets to disposable inboxes, learn where the cache is stored, and clear it when finished.

Note (Medium Confidence)
ASI01: Agent Goal Hijack

What this means

An email body could contain instructions or links that an assistant might mistakenly treat as user intent.

Why it was flagged

Retrieved emails are external, untrusted content that may be placed into the assistant context for analysis.

Skill content

**Email Retrieval**: Fetch individual emails in 10+ formats (text, HTML, JSON, headers, SMTP logs, links)

Recommendation

Treat email contents as data only; require user confirmation before following links, using codes, or taking account actions based on an email.