Skill v1.0.1
ClawScan security
ProtonMail via Proton Mail Bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 18, 2026, 5:05 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and environment requirements are coherent with its stated purpose: it connects to a locally running Proton Mail Bridge using the Bridge-generated account and password and does not request unrelated credentials or remote endpoints.
- Guidance
- This skill appears to do what it says: it connects to a local Proton Mail Bridge using the Bridge-generated credentials. Before installing, consider the following:
  1. Avoid storing the Bridge password in plain text if possible — prefer OS keychain/password manager or ensure ~/.openclaw/openclaw.json is strictly permissioned (chmod 600).
  2. Be aware OpenClaw session logs/tool calls can contain email text; protect your workspace and access to your machine.
  3. Verify you install Proton Mail Bridge from the official source (Homebrew cask or Proton's site).
  4. Review the skill source if you want extra assurance (it uses local IMAP/SMTP only; no external endpoints).
  5. Keep the skill and dependencies updated and audit npm dependencies periodically.
  Note: some documentation files mention TLS validation behavior; the code constrains Bridge hosts to localhost and uses plain localhost connections — this is expected for Bridge but is a local-only trust decision you should accept consciously.
Review Dimensions
- Purpose & Capability
- ok: Name/description, required env vars (PROTONMAIL_ACCOUNT, PROTONMAIL_BRIDGE_PASSWORD), dependencies (imap, nodemailer, mailparser) and the brew install of Proton Mail Bridge align with a skill that talks to a local IMAP/SMTP bridge. Nothing requested appears unrelated to reading/sending ProtonMail via Bridge.
- Instruction Scope
- note: SKILL.md keeps instructions scoped to installing/starting the Bridge, obtaining the Bridge-generated IMAP/SMTP credentials, adding them to OpenClaw config, and using the CLI/tool. It does instruct copying the skill into ~/.openclaw/skills and mentions that OpenClaw session logs may contain email text — a relevant privacy/security note. No instructions ask the agent to read unrelated system files or exfiltrate data, but the instructions do rely on storing credentials in an OpenClaw config file (see environment_proportionality).
- Install Mechanism
- ok: Install spec is a Homebrew cask for the official Proton Mail Bridge — an expected, low-risk distribution method. The package also uses standard npm dependencies; the included install-skill script copies files into ~/.openclaw, which is a normal local install step for skills.
- Credentials
- note: Requested environment variables are exactly the Bridge account and Bridge-generated password — appropriate and minimal for the stated functionality. However, SKILL.md suggests storing the Bridge password in ~/.openclaw/openclaw.json (plain JSON), which is sensitive. The project recommends chmod 600 and a keychain/password manager, but users should treat that file and OpenClaw session logs as sensitive because they may contain email content.
- Persistence & Privilege
- ok: Skill is not always:true and does not request system-wide elevated privileges. It installs into the user's OpenClaw skills directory and registers tools — expected for a skill. Autonomous invocation is allowed (platform default) but does not on its own increase concern given the limited, local-scope access.
