Iris — Inbox Intelligence
PassAudited by ClawScan on May 9, 2026.
Overview
This is a coherent Gmail inbox-triage skill, but it needs a Gmail app password and will handle sensitive email content.
Install only if you are comfortable giving the skill access to recent Gmail messages. Use a revocable Gmail app password, consider lowering SCAN_COUNT, run it on a trusted machine, and check or delete any saved markdown reports that may contain private email content.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone running the skill must provide mail-account credentials that allow access to Gmail messages.
The skill requires a Gmail address and app password so it can access the user's Gmail inbox.
requires:\n env: [GMAIL_ADDRESS, GMAIL_APP_PASSWORD]
Use a Gmail app password rather than your main password, keep it private, and revoke it from your Google Account when you stop using the skill.
Sensitive email summaries or action items may remain on the local machine after the skill runs.
The skill reads recent email content and says it persists a daily report, which may contain private message details or draft replies.
Read your last 50 emails ... Daily report saved to markdown
Run it only on a trusted device, review where reports are saved, and delete or protect generated markdown files if they contain private information.
Installing this dependency may modify the system Python environment and depends on the integrity of the package retrieved at install time.
The install step pulls an unpinned package from the Python package ecosystem and bypasses system-package protections.
pip3 install rich --break-system-packages --quiet
Prefer installing in a virtual environment and pinning a known-good version of rich instead of using --break-system-packages globally.