Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Email Manager with DB
v1.1.0
Email account manager with IMAP/SMTP support and local database. Manage multiple email accounts, sync inbox, send emails, search, set filters, and generate d...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements the declared functionality (IMAP/SMTP, local SQLite DB, filters, suppression list, RFC8058 unsubscribe support and a tracking/unsubscribe example server). That behavior is coherent with the skill name/description. However, the README declares runtime environment variables (UNSUB_BASE_URL, UNSUB_SECRET, DB path overrides) that are required or recommended for full operation but the registry metadata lists no required env vars — an omission that is inconsistent and should be corrected.
Instruction Scope
SKILL.md shows only Bash/node CLI commands (node cli.js ...), which matches the included Node CLI. The README and examples additionally reference running a Python unsubscribe/tracking server (examples/email_tracker.py). The example server contains an absolute DB path that points to the developer's home (/Users/guozhen/...), and a default UNSUB_SECRET fallback ('solvea-default-secret-change-me'). The presence of an example that will write to an absolute path and defaults to a weak secret is unexpected and should be treated cautiously. The instructions do not ask the agent to read arbitrary system files, but they do require persistent storage and network endpoints for unsubscribe/tracking.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but package.json/package-lock are present and README instructs running 'npm install'. Dependencies include native modules (better-sqlite3 has an install script) which will compile during install. The package-lock 'resolved' URLs point to registry.npmmirror.com (a mirror) rather than the default npm registry; that's unusual and worth noticing but not necessarily malicious. No custom remote download/extract install steps are present.
Credentials
The skill will handle highly sensitive data: user email addresses and app-specific passwords are stored in local SQLite (accounts.app_password). The README lists UNSUB_BASE_URL (marked as required for headers) and UNSUB_SECRET (recommended) along with DB path env vars, but the registry metadata declares no required env vars and no primary credential. That mismatch is concerning because the skill's correct and safe operation depends on those environment variables (and on the user supplying an HMAC secret and a public base URL), yet they are not declared upfront. The example server also falls back to a weak default secret if UNSUB_SECRET is not set.
Persistence & Privilege
The skill does not request always:true and won't be force-included. It writes its own data under a 'data' directory relative to the skill (src/db.js creates ./data/emails.db), which is normal for a local app. The only atypical persistence is the example Python server which uses a hardcoded absolute DB_PATH (/Users/guozhen/...) that would attempt to create/modify that path if run as-is; this is an authoring oversight rather than an explicit privilege escalation.
What to consider before installing
This skill appears to implement the described email manager, but there are a few red flags to check before installing or running it:
- Sensitive data: account app passwords are stored in a local SQLite database. Only install/run in an environment you control. Back up or encrypt data if needed.
- Missing/undeclared env vars: README requires UNSUB_BASE_URL (public unsubscribe tracking URL) and recommends an UNSUB_SECRET; the registry metadata did not declare these. You must set a strong UNSUB_SECRET and a proper UNSUB_BASE_URL for List-Unsubscribe headers to work safely. Do not rely on the example default secret.
- Example server path: examples/email_tracker.py hardcodes DB_PATH to /Users/guozhen/..., and will write to that path if run unchanged. Edit the script to use a safe path (or an env var like TRACKING_DB_PATH) before running.
- Dependencies/build: running npm install will compile native modules (better-sqlite3). Review package.json and package-lock; the lockfile references a non-default npm mirror (registry.npmmirror.com). If you require source provenance, consider auditing or replacing with packages fetched from a registry you trust.
- Operational risks: this tool is designed for bulk outreach (the README even emphasizes cold email rotation). Ensure your use complies with email provider policies and laws; misuse can lead to account suspension or legal exposure.
Recommendations: review/modify the example server DB path and default secret, set UNSUB_SECRET to a strong value, set UNSUB_BASE_URL to a public domain you control (or leave it unset if you don't want tracking/one-click unsubscribe headers), and run the skill in an isolated environment. If you want the skill in an automated agent, explicitly confirm the agent is allowed to manage account credentials and send emails on your behalf.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- tests/test_unsubscribe.js:14: Environment variable access combined with network send.
