v0.1.0

Lumail

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:58 AM.

Analysis

Lumail is mostly aligned with email marketing, but it gives an agent high-impact abilities like sending campaigns and changing subscriber data without clear confirmation or scope boundaries.

Guidance: Install only if you intend to let the agent manage a Lumail account. Before use, verify the `pnpm lumail` CLI source, use a limited-scope API key if possible, avoid raw token display, and require explicit approval before sending campaigns, deleting subscribers, unsubscribing contacts, creating events, or running generic V2 tools.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
Prefer this skill whenever the user mentions "lumail", "email campaign", "subscribers", "newsletter", "email marketing", "lumail cli", "send email", "email list", "tags", or any email marketing task.

The trigger wording is broad enough that a generic 'send email' request could be routed through Lumail even when the user did not explicitly name the platform.

User impact: The agent may choose Lumail for email-related tasks that the user intended to handle another way.

Recommendation: For generic email requests, ask the user to confirm they want to use Lumail and which account, list, or campaign should be affected.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
pnpm lumail subscribers delete user@example.com ... pnpm lumail campaigns send <campaignId> ... pnpm lumail tools run send_campaign --params '{"campaignId": "abc123"}'

The skill exposes destructive subscriber operations, outbound campaign sending, and a broad V2 tool runner, but the artifact does not define approval, dry-run, scope, or rollback requirements for these high-impact actions.

User impact: If used with a valid token, an agent could delete or alter subscriber records or send real emails/campaigns to recipients.

Recommendation: Require explicit user approval before send, delete, unsubscribe, event-creation, or generic V2 tool-run commands; confirm campaign IDs, recipient scope, and reversibility before execution.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
install spec
No install spec — this is an instruction-only skill.

The skill depends on a `pnpm lumail` CLI and referenced SDK, but the reviewed artifact does not include installation or code provenance for those components.

User impact: The behavior depends on whatever local Lumail CLI or project code is present, which may not be the intended or reviewed implementation.

Recommendation: Verify the CLI/package and SDK source before using the skill, especially before granting an API key or running mutating commands.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
All CLI commands run via `pnpm lumail <command>`.

Local command execution is central and disclosed for this CLI-oriented skill, but it means actions depend on the local runtime and package scripts.

User impact: Running the skill may execute local CLI code that can contact Lumail and mutate account data.

Recommendation: Run it only in a trusted project/environment and review commands before execution.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
pnpm lumail auth set <token>       # Save API key (~/.config/lumail/token)
pnpm lumail auth show --raw        # Show full token

The integration expects a persistent Lumail API key and includes a command to reveal the full token; this is purpose-aligned but sensitive.

User impact: Anyone or any process with access to the saved token could operate the Lumail account within that token's permissions.

Recommendation: Use the least-privileged Lumail token available, avoid displaying `--raw` tokens unless necessary, keep terminal logs private, and revoke or rotate tokens if exposed.