ClawHub

Simplelogin Cli

v1.0.3

Create and manage SimpleLogin email aliases from the command line. Protect your real email with secure, private aliases.

1· 107·0 current·0 all-time
by@mcclawd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (SimpleLogin CLI) match the requested binaries (curl, jq), the README and SKILL.md describe using a SimpleLogin API key, and the included script operates against app.simplelogin.io. Nothing requested appears unrelated to creating/managing aliases.
Instruction Scope
SKILL.md and the test script only instruct reading an API key (env or the declared ~/.openclaw/secrets/simplelogin.json), calling SimpleLogin API endpoints, and basic local actions (copy to clipboard, echo). There are no instructions to read unrelated system files, exfiltrate data to unexpected endpoints, or perform privileged operations.
Install Mechanism
No install spec — instruction-only skill with a small helper script. Nothing is downloaded or extracted by the skill itself. Low install risk.
Credentials
The only credential material used is a SimpleLogin API key (SIMPLELOGIN_API_KEY or fallback JSON secret). The declared secret path in metadata matches the fallback used in the script. No unrelated credentials or broad environment access are requested.
Persistence & Privilege
always is false, the skill does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed by default (platform normal), but the skill itself does not request elevated privileges.
Assessment
This skill appears to do exactly what it claims: manage SimpleLogin aliases using your SimpleLogin API key. Before installing: (1) verify you trust the repository/source described in the SKILL.md/README (there are a couple of inconsistent clone URLs in the docs), (2) prefer supplying your API key via the SIMPLELOGIN_API_KEY environment variable or a trusted password manager, (3) inspect scripts (e.g., scripts/test-reverse-alias.sh) to confirm they call only the expected API endpoints (app.simplelogin.io) and do not contain unexpected network destinations, and (4) ensure the ~/.openclaw/secrets/simplelogin.json file (if used) only contains the API key and is stored securely. If you will allow an agent to call this skill autonomously, be aware the agent could create or delete aliases using your API key — only enable autonomous use if you trust the agent's policies.

Like a lobster shell, security has layers — review code before you run it.

latestvk97687zx33t3zf680zftvgxjtd84zc84

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis
OSLinux · macOS · Windows
Binscurl, jq

Comments