email-suite (imap+smtp)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches an email client, but it asks for full mail-account credentials and includes an unexplained no-prompt self-update command alongside high-impact send and delete abilities.

Install only if you are comfortable giving the skill IMAP/SMTP access to the configured mailbox. Protect the `.env` file, review messages before allowing sends/deletes, and ignore the unexplained `clawhub update ... --no-input` line unless you intentionally choose to update through a trusted review path.

Static analysis

Env credential access

Critical
Finding
Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Following this command could change the installed skill without a normal prompt, making it harder to review what changed.

Why it was flagged

This bare command is unrelated to normal email use and includes `--no-input`, which would suppress interactive review while updating the installed skill if a user or agent followed it.

Skill content

clawhub update email-suite-imap-smtp --no-input

Recommendation

Do not run the no-input update command automatically; update only through a reviewed ClawHub workflow and remove this line from the README.

What this means

An agent using this skill can send messages or delete email from the configured account when invoked.

Why it was flagged

The skill exposes account-mutating actions: sending mail and permanently deleting messages. These are disclosed and purpose-aligned, but high-impact.

Skill content

`send --to x --subject "S" --body "B"` | Send email
...
`delete <uid>` | Delete permanently

Recommendation

Require explicit user confirmation before sending, forwarding, replying, or permanently deleting messages, especially for multiple UIDs or attachments.

What this means

Anyone with access to the `.env` file may be able to access the configured email account via IMAP/SMTP.

Why it was flagged

The skill requires mailbox credentials/app passwords that allow reading and sending mail through the configured providers.

Skill content

IMAP_USER=your@email.com
IMAP_PASS=your_app_password
...
SMTP_USER=your@email.com
SMTP_PASS=your_app_password

Recommendation

Use app passwords where possible, restrict file permissions with `chmod 600 .env`, and avoid installing this skill in shared or untrusted workspaces.

What this means

Private email metadata or attachments may remain on disk after use and could be read by other local processes or users.

Why it was flagged

The skill persists email metadata and downloaded attachments locally for faster checks and access.

Skill content

- Attachments auto-saved to `.cache/attachments/`
- Inbox cache in `.cache/inbox.json`

Recommendation

Periodically clear the cache, protect the working directory, and avoid downloading sensitive attachments unless needed.