Email Verifier
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill matches its stated email-verification purpose, but it makes direct SMTP probes that can expose addresses to recipient mail servers and affect your IP reputation if overused.
Before installing, make sure you are comfortable with the skill contacting recipient mail servers for each address you verify. Keep checks small and authorized, avoid bulk verification from a residential or important business IP, and install the Python dependency in an isolated environment.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Recipient domains can observe the checks, and excessive use may make your network look like spam reconnaissance or harm your IP reputation.
The script connects to recipient mail servers and performs RCPT TO checks for user-provided addresses. This is the stated purpose, but it is an external probing action that can be sensitive at scale.
smtp.connect(mx_host, 25) ... smtp.mail(f"verify@{helo_domain}") ... code, msg = smtp.rcpt(email)Use only for addresses you have a legitimate reason to verify, keep batches small, review CSV inputs before use, and use a dedicated verification service for large lists.
Installing the dependency pulls external package code into your Python environment.
The skill asks the user to install an unpinned PyPI dependency manually. This is purpose-aligned for MX record lookups, but it is still a supply-chain consideration.
pip3 install dnspython
Install in a virtual environment and, if this will be used operationally, pin and review the dependency version.