ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MailWise

v1.0.2

Search and analyze email issue threads from a local knowledge base. Use when the user asks about past bugs, incidents, or wants to find how experienced engin...

1· 208·0 current·0 all-time
byPetrGuan1995@petrguan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (search & analyze email threads) align with declared requirements: a mailwise CLI for local indexing/search and an optional 'claude' CLI (or ANTHROPIC_API_KEY) for the analyze command. Requiring 'claude' for external LLM analysis is coherent with the documented feature.
Instruction Scope
SKILL.md confines local commands (index, search, show, stats, experts) to on-disk EML files and local embeddings. The only external network activity is the optional 'analyze' command, which sends selected excerpts to Anthropic via the Claude CLI. The docs explicitly warn about not using analyze on sensitive emails — this is within scope but is an important privacy caveat because users are encouraged to paste full bug reports/logs which may contain sensitive data.
Install Mechanism
Install spec is a PyPI package (pip/uv -> mailwise) which is proportionate for a Python CLI tool. Pip installs run third-party code (package/setup scripts and dependencies), so installing from PyPI carries the usual moderate risk; the skill itself includes only docs (no code files) so the scanner had nothing to audit locally.
Credentials
No required env vars. ANTHROPIC_API_KEY is optional and only needed for the external 'analyze' command; that is proportional and documented. There are no unrelated credentials/config paths requested.
Persistence & Privilege
The skill does not request 'always' or elevated privileges. The interactive setup writes a local config.yaml and directories (expected behavior for indexing). No indication it modifies other skills or system-wide agent settings.
Assessment
This skill appears coherent, but take these precautions before installing: 1) Inspect and verify the PyPI package owner/version (pip installs run third-party code). Install in an isolated virtualenv/container and check the package source (or GitHub repo) if possible. 2) Do not use mailwise analyze on sensitive or regulated emails unless your org permits sending excerpts to Anthropic; prefer authenticating the Claude CLI interactively (avoids storing an API key in env). 3) Review the config.yaml and indexed directory choices created by mailwise init to ensure only intended EML files are indexed. 4) Monitor network activity when running 'analyze' to confirm only calls to Anthropic occur. 5) If you need higher assurance, request the package source or a checksum from the publisher and audit it before deployment.

Like a lobster shell, security has layers — review code before you run it.

latestvk976d3g2mr8n5qbk0nch94z4yn83x8vr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis
Binsmailwise, claude

Install

Install MailWise from PyPI
Bins: mailwise
uv tool install mailwise

Comments