Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agentmail To

v1.0.0

Manage agent email via agentmail.to: create, read, send, and clean up temporary mailboxes via the API and web console.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The name/description match agentmail.to functionality, but the skill's instructions and bundled config include unrelated-looking credentials (SMTP/AWS-style key) and absolute local paths. The README and SKILL.md imply scripts under /home/pit/.openclaw/workspace/scripts, yet no such scripts are bundled. The presence of SMTP/AWS credentials in config.json is not justified by the declared simple API-based purpose.
[!] Instruction Scope
SKILL.md tells the agent to run Python scripts at absolute paths (/home/pit/.openclaw/workspace/scripts/...) and to read an .env file at that path. Those paths reference local user data and secrets. The skill instructs concrete commands that will access local files and API keys, but the referenced scripts are not included in the package, so their behavior is unknown. The SKILL.md also contains an explicit API key value and example env vars embedded in the instructions, which is a direct secret exposure.
Install Mechanism
There is no install spec (instruction-only), which is low-risk for arbitrary code download. The README suggests installing 'browser-use' via pip, but no automated installer is present. Because the skill relies on running local scripts, the lack of included runtime code means the agent may attempt to execute files on the host if they exist — review host scripts before allowing execution.
[!] Credentials
The SKILL.md and config.json embed an AGENTMAIL_API_KEY and an AGENTMAIL_INBOX, but the skill metadata declares no required env vars or config paths. config.json additionally contains smtp_server, smtp_port, username starting with 'AKIA...' (looks like an AWS access key ID), and a password field — credentials unrelated to simple agentmail.to API calls. This is disproportionate and unexplained.
Persistence & Privilege
always is false and the skill is not marked forcibly persistent. Autonomous invocation is allowed (default) — normal for skills. There is no evidence the skill attempts to modify other skills or system-wide agent settings.
What to consider before installing
This skill contains hard-coded secrets and references absolute local paths and scripts that are not bundled. Install only after taking these steps:
1) Do not use the embedded API key or config.json credentials; assume they are leaked and rotate any matching keys.
2) Ask the publisher for the missing scripts (swaudiobot_smart_reply.py, create_clean_inbox.py, etc.) and review their source before allowing execution.
3) Remove hard-coded secrets from SKILL.md/config.json and instead provide credentials via an external secret store or environment variables you control.
4) Be cautious because the SKILL.md instructs execution of files under /home/pit: on your system the agent could read local files at those paths if they exist.
5) Prefer to run this skill in an isolated environment or sandbox, and verify the origin of the package (source is unknown) before enabling autonomous invocation.
