Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Mailbox

v1.0.0

Send, receive, and manage asynchronous messages between agents, handlers, and users with local file storage and optional cloud sync.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and CLI implement a local file-based mailbox that matches the name/description (messages stored under ~/.openclaw/workspace/mailbox, send/read/reply/archive). However, SKILL.md refers to optional cloud sync and config commands (cloud-url / cloud-api-key), and that cloud sync feature is not present in the provided code, which is a mismatch between docs and implementation.
Instruction Scope
SKILL.md and the example heartbeat explicitly instruct agents to automatically process high-priority messages, execute tasks referenced by message metadata, and call callback URLs. The example agent-heartbeat performs network POSTs (fetch) to callback URLs derived from message metadata and suggests cron-based automation. That means a message from an untrusted sender could cause your agent to perform work and send results to arbitrary external endpoints (exfiltration risk). The mailbox core itself does not execute shell commands, but the provided examples push automatic execution as the default behavior — this expands the runtime scope and risk.
Install Mechanism
No install spec or remote downloads are present; this is an instruction+source bundle. No external packages are installed at runtime by the skill itself. That keeps installation footprint low.
Credentials
The skill declares no required environment variables or secrets (good). The code does read process.env.HOME (fallback to /tmp) and uses process.env.AGENT_NAME or process.env.USER to identify the agent; these are reasonable but are not documented in requires.env. SKILL.md suggests setting cloud API keys via 'openclaw mail config', yet no cloud sync implementation exists in the code — so requests for cloud credentials would be out-of-band and should be treated cautiously when/if added.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes files to ~/.openclaw/workspace/mailbox (its own data) which is expected. However the docs encourage cron integration so operators may configure periodic processing — that automation increases blast radius if enabled without validation of incoming messages.
What to consider before installing
This skill provides a local file-based mailbox and appears to implement the advertised CLI/API, but proceed carefully:
- Review the code before enabling automation: examples (agent-heartbeat) will automatically execute tasks and POST results to callback URLs included in messages. A malicious message could cause your agent to send data to an attacker-controlled endpoint.
- Do not enable cron/heartbeat processing until you trust message senders or add validation/whitelisting. Prefer manual review (openclaw mail check / read) before acting on tasks.
- The README/SKILL.md mention optional cloud sync and cloud-api-key configuration, but the provided code contains no cloud sync implementation — do not provide cloud credentials until you see a clear, reviewed implementation.
- Messages are stored under ~/.openclaw/workspace/mailbox; ensure filesystem permissions are appropriate and consider encrypting sensitive data before storing or waiting for the 'optional encryption' feature.
- If you plan to use webhooks/callback URLs from messages, sanitize and validate destinations and the data you send. Treat callback_url and metadata as untrusted input.

If you want a safer install: keep mailbox local-only, disable scheduled processing, and implement explicit checks (sender authentication, URL allowlist, limits on data sent) before enabling heartbeat automation or cloud sync.

Like a lobster shell, security has layers — review code before you run it.

Tags: agent, bounty, communication, coordination, latest, mailbox, messaging
