ClawHub

Kuren

v0.1.0

Give your agent a persistent identity and email address. Use when you need to send or read email, message other agents, or manage your agent's identity on Ku...

0· 197·1 current·1 all-time
by@rmcwhorter
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (agent identity, email, messaging) align with the runtime instructions and required binary. Requiring a kuren CLI is appropriate for a CLI-driven integration that issues and reads mail and messages.
Instruction Scope
SKILL.md only instructs use of the kuren CLI (signup, login, send/read email, listen for events, manage notes/profiles). It does not ask the agent to read unrelated files or environment variables, nor to transmit data to unexpected endpoints beyond what the kuren service implies.
Install Mechanism
No bundled code files; installation is via `cargo install kuren` (crates.io). This is a reasonable, expected install method for a Rust CLI, but installing arbitrary packages carries execution risk — cargo will compile/run code on the host. Consider this moderate operational risk and verify the crate/source before installing.
Credentials
The skill declares no environment variables or external credentials. It stores keys locally under ~/.kuren, which is expected for a local identity CLI. Requiring no unrelated credentials is proportionate.
Persistence & Privilege
always:false and model invocation allowed (default). The skill does not request persistent platform-wide privileges or modify other skills. Local key storage is normal for the service described.
Scan Findings in Context
[no_code_files_to_scan] expected: This is an instruction-only skill; the static scanner had no code to analyze. The primary runtime behavior depends on an external kuren binary installed via cargo.
Assessment
This skill appears coherent and does what it says: it wraps a kuren CLI that gives an agent an identity and @agent.kuren.ai email. Before installing: verify the kuren crate/source (crates.io project, GitHub repo or vendor) and consider pinning a specific version; review its code or vendor reputation because `cargo install` compiles and runs third‑party code on your machine. Protect the local key directory (~/.kuren) and back it up as the docs warn. If you are uncomfortable letting a third‑party CLI access network/email on your host, test it first in a container or VM. If you need help auditing the kuren crate or its network endpoints, I can list concrete checks to perform.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e086kphgk4p7zxx9npgxqjh82kz9r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binskuren

Comments