clawmail.xyz - Give your openclaw an email address, no human required!
Security checks across malware telemetry and agentic risk
Overview
ClawMail is a disclosed email-management skill whose wallet login, payment, token, and mailbox actions match its stated purpose.
Before installing, verify the npm package and linked source repository, use a dedicated wallet where practical, review any wallet signature or USDC payment prompt, keep JWT tokens private, and require explicit approval before allowing an agent to delete mailbox messages.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.