Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Email Assistant
v1.0.3
Your inbox has 5,000 unread messages and you're drowning. Email Assistant doesn't just summarize — it reads your emails with full context, sorts them into Ur...
by @nollio
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (email triage, draft generation, VIP rules, anti-phishing) align with the included files: SKILL.md, config, examples, a setup prompt, and a small health-check script. The skill delegates authentication to existing email tooling (himalaya/gog/mutt) which is coherent for this purpose. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md gives explicit, narrow runtime instructions: fetch emails via local email tooling, classify, generate drafts (draft-only), and apply phishing/prompt-injection defenses. The SETUP-PROMPT instructs copying package files into a workspace and creating local data dirs (expected). The health-check script and setup copy local config and scripts — normal for a local skill. Note: the health-check script contains a suspicious-looking stray 'fi' / early return in find_skill_root (likely a minor bug) which could break setup checks; this is an implementation defect, not a redirection or exfiltration step.
Install Mechanism
No install spec or external downloads are present; the skill is instruction-only with one small script and config files. Setup copies files into a local workspace and sets filesystem permissions — expected and low-risk. There are no downloads from third-party URLs or archive extraction steps.
Credentials
The package declares no required environment variables, no primary credential, and no required config paths. All email access is delegated to user-managed CLI tools (himalaya/gog/mutt), which is proportionate. One caveat: the dashboard companion and DB schema describe scenarios for moving to a hosted DB (e.g., Supabase) — if the user opts to deploy the dashboard/backend remotely, data could leave the machine; the core skill itself does not request such access.
Persistence & Privilege
always: false and no elevated platform privileges are requested. Setup writes local files under an email-assistant/ directory and sets restrictive permissions (chmod 700/600) — this is expected and scoped to the skill's own data. The skill does not attempt to modify other skills or system-wide agent settings.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] expected: The pre-scan found the 'ignore-previous-instructions' pattern inside SKILL.md. In context this is defensive: the skill explicitly instructs the agent to treat email content as data and to ignore instruction-like strings. The finding is consistent with the skill's anti-injection guidance rather than an attempt to manipulate evaluation.
Assessment
This package appears coherent and focused on local email triage. Before installing, consider: 1) Review the SETUP-PROMPT.md steps and run them manually (they copy files and set permissions in your workspace). 2) Confirm you already have and trust the local email tool you want to use (himalaya/gog/mutt) because this skill delegates authentication to that tool. 3) If you plan to use the dashboard/DB pieces, be aware that deploying the dashboard or a remote database could move email summaries off your machine — treat that as a separate decision and audit those deployments. 4) The health-check script has a small apparent syntax/logic issue; run it in a safe environment first. 5) As always, review draft replies before sending (the skill enforces draft-only behavior, but user approval is required).
Static Scan Findings
SECURITY.md:14
Prompt-injection style instruction pattern detected.
SKILL.md:19
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
Version: latest (vk97dtzcr0kzhnv4v01ytseta6x83ywhc)
