Skill v1.1.0
ClawScan security
Sendook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 11, 2026, 10:23 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions match its stated purpose (reading/sending from a configured Sendook inbox); nothing requested appears disproportionate or unrelated.
- Guidance: This skill is coherent with its purpose and requests only the Sendook API key and an inbox ID. Before installing: (1) grant a least-privileged API key scoped to the single inbox you want the agent to use; (2) be aware that an agent with this skill can read and send mail from that inbox — restrict the key and monitor usage; (3) confirm file-attachment behavior: the skill can read local files if asked, so only allow attaching files you approve and avoid giving the agent access to sensitive paths; (4) if you want stricter control, require manual confirmation before sending messages or disable autonomous invocation for agents using this skill.
Review Dimensions
- Purpose & Capability: ok. The skill is for reading and sending messages from a pre-configured Sendook inbox and only requests SENDOOK_API_KEY and SENDOOK_INBOX_ID. Those env vars and the documented API endpoints are appropriate and proportional to the described functionality.
- Instruction Scope: ok. SKILL.md instructs only message operations (list, get, threads, send, reply) and shows curl/SDK examples using the declared env vars. The only local-file access mentioned is for attachments and the document explicitly warns to obtain user consent and to avoid sensitive system paths.
- Install Mechanism: ok. This is an instruction-only skill (no install spec, no code files). It recommends installing the official-looking npm SDK (@sendook/node) for convenience; that guidance is reasonable and does not itself install arbitrary code via the skill.
- Credentials: ok. Only two environment variables are required (Sendook API key and inbox ID) and both are directly used by the examples. The SKILL.md even recommends using a least-privileged API key scoped to the inbox, which is appropriate.
- Persistence & Privilege: ok. The skill is not always-enabled, and it does not request system-wide persistence or modify other skills. It can be invoked autonomously (platform default), which is expected for skills — there is no additional privilege requested.
