Skill v1.5.4
ClawScan security
Imap Mail · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 1:07 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement an IMAP/SMTP bridge that matches its description, but the package metadata omits sensitive environment/config requirements, and the runtime instructions ask you to create system-level files and optionally enable an outbound webhook. These mismatches and privileges merit caution.
- Guidance
  - What to consider before installing:
  - This package contains runnable Python code (a local FastAPI server) and CLI scripts; it is not a documentation-only skill. The registry metadata omits that you must provide mailbox credentials and create an env file (default: /etc/imap-mail.env). Treat MAIL_USER and MAIL_PASS as sensitive: store them with tight file permissions (chmod 600) and preferably run the service under a dedicated unprivileged user.
  - The service listens on 127.0.0.1 by default (good), but it supports a configurable MAIL_IDLE_WEBHOOK. If you set that to an external URL, new-message events (and possibly message metadata) will be POSTed there, which leaks data if the endpoint is untrusted. If you do not need webhooks, leave it unset.
  - The package instructs installing dependencies via pip (fastapi, uvicorn). Install these only from trusted sources and consider using a virtualenv. Review the included scripts (mail-api.py and helpers) yourself; they are present in the bundle and will run locally.
  - The SKILL.md shows steps to create and enable a systemd service. Enabling a systemd unit requires root and makes the service persistent across reboots. If you decide to run it as a service, create a dedicated system user, restrict filesystem and network permissions, and verify the ExecStart path against the bundled scripts.
  - Packaging inconsistencies: registry metadata that does not declare required envs/config paths, and duplicated files (scripts/scripts/), suggest sloppy packaging. If you plan to use this, inspect the code for any unexpected network calls (especially the webhook behavior), or run the service in a confined environment (container or VM) until you are comfortable.
  - If you want help: I can (a) point out the exact lines where webhooks are invoked or constructed in mail-api.py, (b) give step-by-step hardening advice for running the service under a non-root user, or (c) produce a checklist for safely installing and testing this skill in a sandboxed environment.
Review Dimensions
- Purpose & Capability
  - note: The name/description (IMAP/SMTP mail bridge) matches the included code: a local FastAPI-based API (mail-api.py) plus CLI helpers to list, search, move and send messages. Requiring python3 and FastAPI/uvicorn is appropriate. However, the registry metadata declares no required environment variables or config paths, even though the runtime instructions and code require MAIL_IMAP_HOST, MAIL_USER, MAIL_PASS and an env file (default /etc/imap-mail.env). That omission is an inconsistency in the package metadata.
- Instruction Scope
  - concern: SKILL.md and the scripts instruct creating /etc/imap-mail.env and a systemd unit, and starting a long-running local API server. The server supports an IDLE webhook (MAIL_IDLE_WEBHOOK) which, if set to an external URL, causes the service to POST events off-host (potential data exfiltration if misconfigured). The scripts also perform filesystem writes (saving attachments) and can be run as a system service. These are within a mail bridge's purpose, but they are system-level operations that were not declared in the registry metadata and could expose secrets if misconfigured.
- Install Mechanism
  - note: The registry lists no install spec even though code is included. SKILL.md instructs using pip3 install fastapi uvicorn (packages on PyPI), a standard but moderately privileged install action. The included code will be executed locally; there is no automated packaged install, so users must run pip and start the server themselves. This is common for Python projects but increases reliance on the user to follow safe installation steps.
- Credentials
  - concern: The skill needs highly sensitive credentials (MAIL_USER, MAIL_PASS, MAIL_IMAP_HOST, MAIL_SMTP_HOST/PORT) and suggests storing them in /etc/imap-mail.env. The registry metadata incorrectly reports no required envs or config paths. The presence of MAIL_IDLE_WEBHOOK (which can send message events to an arbitrary URL) and the suggestion to run as a systemd service (EnvironmentFile=/etc/imap-mail.env) mean sensitive secrets will be stored system-wide. This is proportionate for an email bridge but should have been declared and documented more clearly before install.
- Persistence & Privilege
  - note: The skill provides instructions to install a systemd unit and run a persistent service (imap-mail-api.service) that reads /etc/imap-mail.env. It does not set always:true, but enabling the provided systemd unit requires elevated privileges (root) and gives the service persistent presence. This is not necessarily malicious, but it is a meaningful privilege and should be treated cautiously (run under a dedicated low-privilege user, restrict env file permissions, bind to localhost only).
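A hardened install layout for the guidance above and for the Credentials and Persistence & Privilege dimensions, as an added example that is not part of the Imap Mail skill or of ClawHub's scanner output: a POSIX shell script that writes the env file with mode 0600, writes a systemd unit that runs mail-api.py under a dedicated unprivileged user with the filesystem locked down, and audits both (file permissions, a non-root User=, and the MAIL_IDLE_WEBHOOK target). The service user imapmail, the /opt/imap-mail install prefix, the /var/lib/imap-mail state directory, the ExecStart path, the placeholder credentials and the hardening directives are assumptions for illustration; only the variable names, /etc/imap-mail.env and the unit name imap-mail-api.service come from the skill's instructions as described on this page.

```shell
#!/bin/sh
# Added example, not part of the imap-mail skill: stage a hardened env file
# and systemd unit under a root directory and audit the result. The user
# "imapmail", /opt/imap-mail, /var/lib/imap-mail, the ExecStart path and the
# hardening directives are assumptions; verify ExecStart against the bundle.

# Portable file mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Env file with placeholder (constructed, not real) credentials, mode 0600.
# systemd reads EnvironmentFile= as root before switching to User=, so the
# file can stay root-owned and unreadable to everyone else.
write_env_file() {
    ( umask 077; cat > "$1" <<'EOF'
MAIL_IMAP_HOST=imap.example.org
MAIL_SMTP_HOST=smtp.example.org
MAIL_SMTP_PORT=587
MAIL_USER=mailbox@example.org
MAIL_PASS=replace-me
# Leave MAIL_IDLE_WEBHOOK unset unless you control the receiving endpoint.
EOF
    )
    chmod 600 "$1"
}

# Unit: non-root user, no privilege escalation, read-only system tree with a
# single writable state directory (assumed location for saved attachments).
write_unit() {
    cat > "$1" <<'EOF'
[Unit]
Description=imap-mail local API (hardened example unit)
After=network-online.target
Wants=network-online.target

[Service]
User=imapmail
Group=imapmail
EnvironmentFile=/etc/imap-mail.env
ExecStart=/opt/imap-mail/venv/bin/python3 /opt/imap-mail/scripts/mail-api.py
Restart=on-failure
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
CapabilityBoundingSet=
ReadWritePaths=/var/lib/imap-mail

[Install]
WantedBy=multi-user.target
EOF
}

# Fails if the env file is readable beyond its owner, or if MAIL_IDLE_WEBHOOK
# would post events off-host over cleartext HTTP. An https target passes
# with a printed note; whether that endpoint is trusted is your call.
audit_env_file() {
    f="$1"
    [ -f "$f" ] || { echo "audit: $f missing"; return 1; }
    mode=$(file_mode "$f")
    case "$mode" in
        600|400) ;;
        *) echo "audit: $f has mode $mode, want 600"; return 1 ;;
    esac
    hook=$(sed -n 's/^MAIL_IDLE_WEBHOOK=//p' "$f" | head -n 1 | sed "s/^[\"']//; s/[\"']\$//")
    if [ -n "$hook" ]; then
        case "$hook" in
            http://127.0.0.1[:/]*|http://localhost[:/]*) ;;
            https://*) echo "audit: note, MAIL_IDLE_WEBHOOK leaves the host over TLS: $hook" ;;
            *) echo "audit: MAIL_IDLE_WEBHOOK=$hook would post events off-host in cleartext"; return 1 ;;
        esac
    fi
    return 0
}

# Fails if the unit would run as root, skips the env file, or allows
# privilege escalation.
audit_unit() {
    u="$1"
    [ -f "$u" ] || { echo "audit: $u missing"; return 1; }
    user=$(sed -n 's/^User=//p' "$u" | head -n 1)
    if [ -z "$user" ] || [ "$user" = "root" ]; then
        echo "audit: $u would run as root"; return 1
    fi
    grep -q '^EnvironmentFile=/etc/imap-mail.env$' "$u" || { echo "audit: $u lacks EnvironmentFile="; return 1; }
    grep -q '^NoNewPrivileges=yes$' "$u" || { echo "audit: $u lacks NoNewPrivileges=yes"; return 1; }
    return 0
}

# Stage everything under $1 ("/" for a real install, a scratch dir to
# rehearse) and audit what was written.
stage_install() {
    root="${1:-/}"
    mkdir -p "$root/etc/systemd/system" "$root/var/lib/imap-mail"
    write_env_file "$root/etc/imap-mail.env"
    write_unit "$root/etc/systemd/system/imap-mail-api.service"
    audit_env_file "$root/etc/imap-mail.env" && audit_unit "$root/etc/systemd/system/imap-mail-api.service"
}

# Acts only when STAGE_ROOT is set, so the functions can also be sourced.
if [ -n "${STAGE_ROOT:-}" ]; then
    stage_install "$STAGE_ROOT" && echo "staged and audited under $STAGE_ROOT"
fi
```

Rehearse with STAGE_ROOT=/tmp/stage sh harden-imap-mail.sh and read the two files it produces; then, as root, run it with STAGE_ROOT=/, create the user (useradd --system --home /var/lib/imap-mail --shell /usr/sbin/nologin imapmail), chown the state directory to that user, replace the placeholder credentials, and systemctl enable --now imap-mail-api.service. Because ProtectSystem=strict makes everything outside ReadWritePaths read-only, any attachment directory the scripts actually use must be added there, which is a useful forcing function for finding out where the bundle writes.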
