Email Intelligence
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-aligned for inbox analysis, but it needs access to a configured email account and can surface private email metadata.
Install or run this only if you are comfortable letting it analyze the mailbox configured in himalaya. It appears aligned with its stated inbox-health purpose, but review the target account, keep generated reports private, and remember that email-derived text should be treated as untrusted.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill lets it inspect email metadata from the configured account, which may include personal or work messages.
The skill depends on an already-configured email account, which means it can act through whatever IMAP access himalaya has.
Requires himalaya CLI configured with IMAP.
Use it only with the intended mailbox, review the himalaya configuration, and prefer the least-privileged/read-only setup available.
Private sender and subject information may appear in the generated report, and subject lines should not be treated as trusted instructions.
The script includes email sender addresses and subject lines in its ghost report output, placing private and potentially untrusted email metadata into the agent/report context.
'senderEmail': sender.get('addr', ''),
'subject': email.get('subject', ''),Keep reports local, redact sensitive senders or subjects before sharing, and treat email-derived text as untrusted content.
Users may not realize before reading the skill instructions that it depends on an external mail CLI and an IMAP-configured account.
The skill documents runtime dependencies that are not reflected in the registry metadata, which lists no required binaries, environment variables, or primary credential.
- **himalaya CLI** configured with IMAP access - Python 3.6+
Declare himalaya, Python, and the email-account dependency in metadata or installation requirements for clearer user review.