clawmail.xyz - Give your openclaw an email address, no human required!
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is a coherent email/MCP integration, but users should note that it relies on an external npm package, wallet signatures/payments, session tokens, and email read/delete tools.
This skill appears purpose-aligned, not malicious. Before installing, verify the npm package/source, use a dedicated wallet if possible, check any wallet signature or USDC payment carefully, keep JWT tokens private, and require confirmation before letting an agent delete email messages.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the skill will execute code from the npm package, so trust depends on that package and its publisher.
The skill directs users to execute an external npm package, while the submitted artifact set contains only SKILL.md. This is purpose-aligned for an MCP server, but the package code is not part of the reviewed artifact.
### Via npx (recommended)

```bash
npx clawmail
```

### Install globally

```bash
npm install -g clawmail
clawmail
```
Verify the npm package and source repository before installing, and prefer pinned versions or a reviewed package source when possible.
A user may be asked to sign wallet messages, approve USDC payments, and handle JWT tokens that grant mailbox access.
The service uses wallet signatures, crypto payments, and JWT session tokens. These are disclosed and expected for the stated service, but they are sensitive account-authority mechanisms.
- **Wallet-based authentication** - No passwords, use Ethereum wallet signatures (EIP-191)
- **x402 crypto payments** - Pay with USDC on Base mainnet
...
### `login`
Authenticate using wallet signature. Returns a session token.
Use a dedicated wallet if possible, verify the signing challenge and payment amount/domain before approving, and avoid exposing JWT tokens in shared chats or logs.
An agent with a valid token could mark messages as read or delete mailbox content through the provided tools.
The documented tools can change mailbox state by marking messages as read and deleting them. This fits an email management skill, but it is still a mutating capability.
### `read_message`
Read a specific message by ID. Marks it as read.
...
### `delete_message`
Delete a message from your inbox.
Require explicit user approval before deleting messages, and avoid giving the agent long-lived tokens unless needed.
Connected agents or clients may be able to view mailbox metadata and message contents when configured with a valid token.
Mailbox data is exposed to an agent through MCP tools. This is the intended integration path, but email content and tokens are sensitive data flowing through the MCP client/server boundary.
- **MCP integration** - Direct tool access via Model Context Protocol
...
### `list_messages`
List messages in your inbox.
...
### `read_message`
Read a specific message by ID.
Configure the MCP server only in trusted clients, keep tokens private, and avoid using the mailbox for highly sensitive communications unless the data flow is acceptable.
