Iris — Inbox Intelligence

Advisory

Audited by Static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone running the skill must provide mail-account credentials that allow access to Gmail messages.

Why it was flagged

The skill requires a Gmail address and app password so it can access the user's Gmail inbox.

Skill content

requires:
      env: [GMAIL_ADDRESS, GMAIL_APP_PASSWORD]

Recommendation

Use a Gmail app password rather than your main password, keep it private, and revoke it from your Google Account when you stop using the skill.

What this means

Sensitive email summaries or action items may remain on the local machine after the skill runs.

Why it was flagged

The skill reads recent email content and says it persists a daily report, which may contain private message details or draft replies.

Skill content

Read your last 50 emails ... Daily report saved to markdown

Recommendation

Run it only on a trusted device, review where reports are saved, and delete or protect generated markdown files if they contain private information.

What this means

Installing this dependency may modify the system Python environment and depends on the integrity of the package retrieved at install time.

Why it was flagged

The install step pulls an unpinned package from the Python package ecosystem and bypasses system-package protections.

Skill content

pip3 install rich --break-system-packages --quiet

Recommendation

Prefer installing in a virtual environment and pinning a known-good version of rich instead of using --break-system-packages globally.