Skillv0.1.1

ClawScan security

OfferCatcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 8, 2026, 9:48 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and requirements are consistent with its stated purpose (scanning Apple Mail, parsing with an LLM, and creating Apple Reminders); no signs of misdirection or unrelated credential access were found, but it will read and send email content to an LLM and requires Apple Mail/Reminders permissions so consider privacy implications before installing.
Guidance: This skill appears to do exactly what it claims: scan Apple Mail, send email text to an LLM for parsing, and create native Apple Reminders via AppleScript. Before installing, consider: 1) Privacy: parsed email bodies are sent to the LLM (OpenClaw) — ensure you trust the LLM provider and understand where data is sent; avoid running it if emails contain sensitive data you don't want transmitted. 2) Permissions: macOS will prompt for Mail and Reminders access — granting those allows the skill to read email content and create reminders. 3) Installation: the README suggests a curl | bash installer from GitHub raw; prefer reviewing the install.sh locally instead of piping unreviewed remote scripts into your shell. 4) Review state/config: the skill stores state under ~/.openclaw/workspace and expects ~/.openclaw/offercatcher.yaml — inspect those files and run tests in a safe environment first. If you need higher assurance, run the included unit tests and review the code paths that call osascript and subprocess to confirm no external network calls or unexpected behaviors.

Review Dimensions

Purpose & Capability: okName/description match the implementation: scripts enumerate Apple Mail mailboxes, extract message bodies, and create native Reminders via AppleScript. Required config and files (~/ .openclaw/offercatcher.yaml, state in workspace/memory) are appropriate for the stated functionality. No unrelated cloud credentials or services are requested.
Instruction Scope: noteSKILL.md and scripts instruct the agent to scan Apple Mail, provide raw email JSON to an LLM for parsing, and then apply results to Reminders. This is coherent with purpose, but it explicitly sends email text to an LLM (OpenClaw) for parsing — a privacy-sensitive action. The instructions do not attempt to read arbitrary unrelated files or credentials.
Install Mechanism: noteThe registry entry has no install spec, but the project includes an install.sh that clones from raw.githubusercontent.com/GitHub (a known host). The README also recommends a curl | bash one-liner. Using GitHub raw is a common pattern but still carries the usual risk of running remote install scripts without review; code included in the package mitigates surprise network fetches at runtime.
Credentials: okNo required environment variables or external credentials are declared. The skill accesses only macOS Mail and Reminders via osascript and stores state under ~/.openclaw — these are proportional to the feature. Note: the skill will read email bodies and write state files in the user's home; macOS will require granting Mail/Reminders access.
Persistence & Privilege: okalways is false and the skill does not request system-wide persistent privileges. It writes state under the user's OpenClaw workspace and does not modify other skills or global agent settings. Agent autonomous invocation is allowed (default) but not excessive here.