Skill v1.1.0
ClawScan security
Sendook Email (Restricted) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:58 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested credentials, instructions, and behavior align with its stated purpose (reading/sending messages for a pre-configured Sendook inbox); nothing requested looks disproportionate or unrelated.
- Guidance: This skill appears coherent for its purpose, but before installing: (1) verify the Sendook SDK package (@sendook/node) and its upstream repository are legitimate (check the npm publisher and GitHub repo), (2) create and use a least-privileged API key scoped only to the inbox you want the agent to access, (3) avoid placing the API key in shared or committed files; store it in a secure environment variable store, (4) confirm any local files to attach explicitly with the user before reading them (the SKILL.md also recommends this), and (5) remember that installing the SDK (npm install) will pull third-party code; revoke the API key if you stop using the skill or suspect compromise.
Review Dimensions
- Purpose & Capability (ok): Name/description declare read/send operations for a pre-configured Sendook inbox, and the skill only requests SENDOOK_API_KEY and SENDOOK_INBOX_ID, both directly necessary for the stated operations. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (ok): SKILL.md contains concrete API and SDK examples limited to listing/getting threads/messages and sending messages (including attachments), and explicitly forbids inbox/domain/key management. It warns not to read sensitive local files and requires explicit user confirmation before attaching local files. It does not instruct reading unrelated system state or exfiltrating data to unexpected endpoints.
- Install Mechanism (note): The skill is instruction-only (no install spec or code files), which is low-risk. The README recommends installing the @sendook/node npm package; installing a third-party package introduces the usual supply-chain considerations (verify package provenance, author, and repository). The recommendation is reasonable for the SDK but is worth verifying before npm install.
- Credentials (ok): Only two environment variables are required (SENDOOK_API_KEY as the primary credential, and SENDOOK_INBOX_ID). Both are necessary and proportional for accessing a specific Sendook inbox. The SKILL.md also explicitly recommends using a least-privileged API key scoped to the inbox.
- Persistence & Privilege (ok): The skill is not marked always:true and does not request persistent or elevated platform privileges. It is user-invocable and can be invoked autonomously (platform default), which is expected for a messaging integration. No instructions modify other skills or global agent settings.
