Sendook Email (Restricted)

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate, scoped Sendook email skill, but it lets an agent read and send messages from the configured inbox using your Sendook API key.

Install this only if you want the agent to access the configured Sendook inbox. Use a least-privileged API key, restrict it to the intended inbox, review outbound emails before sending, and only allow attachments that you explicitly selected.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If installed with a broad API key, the agent may be able to read or send more email than intended.

Why it was flagged

The skill requires a Sendook API key and inbox ID, which gives the agent delegated access to the configured email inbox.

Skill content

"requires": { "env": ["SENDOOK_API_KEY", "SENDOOK_INBOX_ID"] }, "primaryEnv": "SENDOOK_API_KEY"

Recommendation

Use a least-privileged Sendook API key scoped only to the intended inbox, store it securely, and rotate or revoke it if no longer needed.

What this means

The agent could send an incorrect or unintended email from the configured inbox if a workflow invokes it too freely.

Why it was flagged

The documented operations include sending new emails and replying to messages, which is purpose-aligned but can have external consequences if used without review.

Skill content

await client.inbox.message.send({ ... to: ["recipient@example.com"], subject: "Hello from Sendook" ... }); ... await client.inbox.message.reply({ inboxId: INBOX_ID, messageId: "msg_def456" ... });

Recommendation

Require explicit user approval for recipients, subject, body, and reply target before sending or replying.

What this means

A future package version change could affect behavior if installed without a lockfile or version pin.

Why it was flagged

The setup relies on an external npm SDK and does not pin a package version; this is normal for SDK setup but is still a supply-chain consideration.

Skill content

npm install @sendook/node

Recommendation

Install from the trusted npm source, consider pinning a known-good version, and use a lockfile in production workspaces.