Mufi Email Manager

Audited by ClawScan on May 1, 2026.

Overview

This looks like a disclosed email-management skill, but it needs mailbox credentials and can read and send email, so users should only install it if they trust it with their email accounts.

Install only if you are comfortable giving this skill access to your email accounts. Use app passwords where available, protect the .env file, review any reply/send action before it runs, and do not enable the cron examples unless you want recurring mailbox access.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent using this skill with the configured .env can read mail from and send mail through those accounts.

Why it was flagged

The skill asks users to provide real mailbox credentials for multiple providers. That is expected for IMAP/SMTP email management, but it grants broad access to the configured accounts.

Skill content

GMAIL_USER=your@gmail.com ... GMAIL_PASS=your_app_password ... NAVER_PASS=your_password

Recommendation

Use provider app passwords where possible, limit accounts to only those needed, protect the .env file, and revoke credentials if you uninstall or stop using the skill.

What this means

If invoked with the wrong UID, template, or body, the skill could send an unintended reply from the user's mailbox.

Why it was flagged

The reply command sends an email from the configured account to the original sender after being invoked. This is a core feature, but email sending is an external, hard-to-reverse action.

Skill content

await smtpClient.sendMail({ to: originalMessage.from, subject: replySubject, text: replyBody });

Recommendation

Require explicit user approval before reply/send operations, especially when an agent chooses the UID, recipient, template, or message body.

What this means

Private email contents may be exposed in command output, logs, or agent context, and malicious email text could influence an agent if treated as instructions.

Why it was flagged

The IMAP client fetches and parses full messages, including body, HTML, and attachments. This is useful for email features, but it brings sensitive and untrusted email content into the tool's process and possible agent context.

Skill content

bodies: '', struct: true ... text: parsed.text || '', html: parsed.html || '', attachments: parsed.attachments || []

Recommendation

Keep outputs minimal, avoid feeding full email content to an agent unless needed, and treat all email subjects/bodies as untrusted user data.

What this means

Scheduled tasks could repeatedly access mail or send digests without a fresh prompt each time.

Why it was flagged

The documentation includes user-directed cron examples for recurring mail processing. There is no hidden persistence in the code, but installing these cron jobs would make the skill run on a schedule.

Skill content

0 9 * * * cd /path/to/mufi-email-manager && node scripts/digest.js --send

Recommendation

Only add cron jobs intentionally, review exactly what they run, and remove them when no longer needed.

What this means

Future installs could pull dependency versions different from those originally tested.

Why it was flagged

The skill depends on npm packages with semver ranges. This is normal for Node tooling, but installs may resolve newer compatible package versions because no lockfile is included in the provided artifacts.

Skill content

"imap": "^0.8.19", "mailparser": "^3.7.1", "nodemailer": "^6.9.16", "dotenv": "^16.4.7"

Recommendation

Install from a trusted source, review dependencies, and consider using a lockfile or pinned versions for reproducible installs.