Iris Lite — Inbox Intelligence (Free)

ReviewAudited by ClawScan on May 10, 2026.

Overview

The skill appears to be a coherent Gmail inbox triage helper, but it requires a Gmail app password and a local Python package install, so users should review those setup risks.

Before installing, make sure you are comfortable giving the skill a Gmail app password and allowing it to read recent inbox subjects and snippets. Consider using a revocable app password and installing Python dependencies in a virtual environment.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI03: Identity and Privilege Abuse

What this means

Anyone installing this must provide a Gmail app password, which could grant mailbox access if mishandled outside the intended workflow.

Why it was flagged

The skill requires Gmail account credentials and uses them to log in to Gmail. This is expected for inbox triage, but the credential is sensitive.

Skill content

requires:\n      env: [GMAIL_ADDRESS, GMAIL_APP_PASSWORD]\n...\nmail.login(GMAIL_ADDR, GMAIL_PASS)

Recommendation

Use a dedicated Gmail app password, revoke it when no longer needed, and avoid sharing the configured environment with untrusted tools.

Medium

#ASI06: Memory and Context Poisoning

What this means

Private email subjects and snippets may be shown to the agent/session, and email text can contain untrusted instructions or sensitive personal information.

Why it was flagged

The skill reads snippets of recent email bodies and stores them in the in-session email data used for triage output.

Skill content

mail.fetch(uid, "(BODY[TEXT]<0.150>)")

Recommendation

Run it only when you are comfortable exposing recent email snippets to the agent context, and do not treat instructions found inside emails as trusted commands.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

This could change the local Python environment and depends on the current PyPI package version at install time.

Why it was flagged

The setup asks the user to install an unpinned package from PyPI and disables system-package protection for that install.

Skill content

pip3 install rich --break-system-packages --quiet

Recommendation

Prefer installing in a virtual environment and pinning a known-good version of 'rich' instead of using '--break-system-packages'.