IMAP Email Reader
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate IMAP email tool, but its instructions include a recurring email-summary delivery to a hard-coded phone number and overstate protections for stored email credentials.
Install only if you are comfortable giving the agent access to your email account. Before use, create or verify a `.gitignore` that excludes `.env`, use an app-specific or Bridge-generated password, replace the cron phone number with your own destination or avoid the cron workflow, and require confirmation before the agent marks emails read or unread.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied as-is, private email summaries could be sent every 15 minutes to an unintended recipient.
This example creates a recurring agent workflow that summarizes private email and sends it through iMessage to a specific phone number rather than a user placeholder.
`clawdbot cron add ... --message "Check for new ProtonMail emails and summarize them" ... --deliver --channel imessage --to "+15085600825"`
Replace the phone number with a clear placeholder, warn that email summaries leave the mailbox, require explicit user confirmation for delivery destinations, and document how to disable the cron job.
A user may believe the password file is protected from version control when it may not be, increasing the chance of committing email credentials.
The supplied file manifest does not include `.env.example` or `.gitignore`, while setup stores the IMAP password in `.env`; the documentation therefore promises a credential-protection mechanism that is not evidenced in the artifacts.
Copy `.env.example` to `.env` ... The `.env` file is automatically ignored by git ... It's already in `.gitignore`
Include `.env.example` and `.gitignore` with `.env` excluded, or change the instructions to require the user to create and verify those files before entering credentials.
Installing and configuring the skill gives the agent the ability to read mailbox contents using the supplied email credentials.
The skill needs real IMAP credentials to access the user's mailbox; this is expected for the purpose, but it is high-impact account access and the registry summary says no primary credential is required.
"IMAP_PASS", "description": "IMAP password or app-specific password", "type": "string", "sensitive": true
Use app-specific or ProtonMail Bridge-generated passwords, avoid primary account passwords where possible, and verify the install UI clearly discloses the credential requirement.
An agent could change which emails appear read or unread if allowed to run these commands without confirmation.
The CLI can mutate mailbox state by marking messages read or unread; this matches the described management feature but should remain user-directed.
`await connection.addFlags(uids, '\\Seen'); ... await connection.delFlags(uids, '\\Seen');`
Ask for explicit user approval before marking messages read or unread, especially in automated workflows.
