ClawHub

Sendook

v1.1.0

Read and send emails from an existing Sendook inbox. Use when an AI agent needs to check for new emails, read messages, reply to conversations, or send new emails from a pre-configured inbox. Limited to message operations only — no inbox creation, domain management, or webhook configuration.

2· 906·0 current·0 all-time
by@obaid·duplicate of @obaid/sendook-openclaw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is for reading and sending messages from a pre-configured Sendook inbox and only requests SENDOOK_API_KEY and SENDOOK_INBOX_ID. Those env vars and the documented API endpoints are appropriate and proportional to the described functionality.
Instruction Scope
SKILL.md instructs only message operations (list, get, threads, send, reply) and shows curl/SDK examples using the declared env vars. The only local-file access mentioned is for attachments and the document explicitly warns to obtain user consent and to avoid sensitive system paths.
Install Mechanism
This is an instruction-only skill (no install spec, no code files). It recommends installing the official-looking npm SDK (@sendook/node) for convenience; that guidance is reasonable and does not itself install arbitrary code via the skill.
Credentials
Only two environment variables are required (Sendook API key and inbox ID) and both are directly used by the examples. The SKILL.md even recommends using a least-privileged API key scoped to the inbox, which is appropriate.
Persistence & Privilege
The skill is not always-enabled, and it does not request system-wide persistence or modify other skills. It can be invoked autonomously (platform default), which is expected for skills — there is no additional privilege requested.
Assessment
This skill is coherent with its purpose and requests only the Sendook API key and an inbox ID. Before installing: (1) grant a least-privileged API key scoped to the single inbox you want the agent to use; (2) be aware that an agent with this skill can read and send mail from that inbox — restrict the key and monitor usage; (3) confirm file-attachment behavior: the skill can read local files if asked, so only allow attaching files you approve and avoid giving the agent access to sensitive paths; (4) if you want stricter control, require manual confirmation before sending messages or disable autonomous invocation for agents using this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b31rfhex6peehxra9vm85cs80y8vm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvSENDOOK_API_KEY, SENDOOK_INBOX_ID
Primary envSENDOOK_API_KEY

Comments