Skillv0.5.50

ClawScan security

Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 20, 2026, 6:30 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose (self-hosted email/SMS/storage for agents) is plausible, but the runtime instructions and included scripts omit some required tooling, call out-of-band package runners (npx), and will modify agent config / start arbitrary docker-compose stacks — these mismatches merit caution before installing.
Guidance: This skill appears to be a coherent self-hosted mail/SMS/agent coordination system, but several things don't add up or are risky: (1) setup scripts call 'npx' / 'npm' but the skill only declares Docker as a required binary — ensure you have Node/npm/npx if you plan to run setup, and prefer to inspect any npx-invoked package before allowing it to run. (2) setup.sh will locate and run docker-compose.yml from a repository root path; review that docker-compose.yml before running docker compose up (containers may run arbitrary code/network services). (3) The installer will write API/master keys into your OpenClaw config (~/.openclaw/openclaw.json) — treat the master key as highly sensitive and avoid storing it where untrusted processes can read it. (4) There is no packaged installer provided here; the 'agenticmail openclaw' command referenced in SKILL.md may not exist on your system — verify provenance of the CLI and the GitHub project. Recommended steps: review the repository (docker-compose.yml and any init scripts), run setup in an isolated environment (VM or disposable host), avoid running npx commands blindly, and only provide/store keys after you confirm the codebase and container images. If you need higher assurance, request an explicit install manifest (which images/packages are used) or prefer a reviewed distribution (official release on GitHub releases / known package registry).

Review Dimensions

Purpose & Capability: noteThe skill is an email/SMS/multi-agent coordination suite and declares docker and an AGENTICMAIL_API_KEY, which matches that purpose. However, the provided setup script invokes npx/tsx and references npm commands (not declared in the metadata), so required tooling is under-specified.
Instruction Scope: concernSKILL.md and scripts instruct starting docker compose, initializing local state (npx tsx scripts/init-local.ts), and editing/enabling the OpenClaw plugin config (~/.openclaw/openclaw.json) including placing API/master keys there. Running these steps will modify local config files and can start arbitrary containers based on a docker-compose.yml found at a projected repo root — scope and side effects are broad and not fully documented.
Install Mechanism: concernThere is no formal install spec (instruction-only), which reduces visibility. The included scripts call 'npx' (which can fetch and execute packages from the network) and expect docker/docker compose; npx use is conditional but can execute remote code during setup. This is a moderate install risk and the skill fails to declare node/npm/npx as required binaries.
Credentials: notePrimary credential AGENTICMAIL_API_KEY is appropriate for the API. The docs also discuss an AGENTICMAIL_MASTER_KEY and other ENV variables (AGENTICMAIL_API_PORT, DATA_DIR) but those are not declared as required; the skill will ask to place master and agent keys into OpenClaw config, which is sensitive and should be justified/confirmed.
Persistence & Privilege: noteThe skill expects to enable itself in the OpenClaw plugin config and write API/master keys into ~/.openclaw/openclaw.json. It does not set always:true, but it does request persistent plugin configuration and starting background services (docker containers). Modifying the agent gateway config and storing keys is a significant privilege that users should explicitly consent to.