Iris Pro
Review
Audited by ClawScan on May 10, 2026.
Overview
Iris Pro openly asks for Gmail access to triage your inbox; that is sensitive, but the visible artifacts do not show hidden exfiltration, persistence, or destructive behavior.
Install only if you are comfortable with a local Python workflow reading up to 200 Gmail messages and generating reply/analytics output. Use a revocable Gmail app password, run the package install in a virtual environment if possible, review the complete SKILL.md before executing it, and do not share generated reports or draft replies unless you have checked them for sensitive content.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The tool can read sensitive email content from the configured Gmail account.
The skill explicitly requires a Gmail app password and Gmail address, giving it access to the user's Gmail account for the stated inbox-triage purpose.
requires:
  env: [GMAIL_ADDRESS, GMAIL_APP_PASSWORD, LICENSE_KEY]
Use a dedicated, revocable Gmail app password, avoid sharing it, and revoke it when you no longer need the skill.
This could create package-version or system-Python conflicts, and it relies on the current PyPI package contents.
The setup step installs an unpinned package from PyPI and uses --break-system-packages, which can alter the system Python environment.
pip3 install rich --break-system-packages --quiet
Prefer running the skill in a virtual environment and pinning the dependency version before installation.
Generated reports or draft replies may expose personal, business, legal, or financial email details if copied or shared elsewhere.
The skill processes private email content into reply drafts and analytics, which are purpose-aligned but may contain sensitive information.
Reads your Gmail inbox, scores every email by urgency and sender importance, drafts full personalised replies for every actionable email ... generates weekly inbox analytics
Start with a small SCAN_COUNT, review outputs carefully, and keep generated reports or drafts private.
A user might overinterpret the statement as meaning there is no network activity at all.
The privacy statement is reassuring, but users should read it narrowly: the tool still needs Gmail authentication and the setup step contacts PyPI for the dependency. The visible artifacts do not show third-party email exfiltration.
Gmail credentials stay local. No data transmitted to any server.
Inspect the complete SKILL.md before running and treat the claim as 'no non-Gmail email data sharing shown in the visible artifacts,' not as a guarantee of zero network access.
