Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Email Bridge
v0.6.3
Email management skill for AI assistants with real-time notifications, smart categorization (7 categories), verification code extraction, and HTML content sa...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (medium confidence)
Purpose & Capability
Name/description (email management, notifications, code extraction) match the code and runtime instructions. Providers (Gmail/IMAP/QQ/NetEase) are implemented in adapters and the skill legitimately needs stored credentials/OAuth tokens and local DB. No unrelated services or env vars are requested.
Instruction Scope
Runtime instructions and code keep scope to email tasks (sync, daemon, notifications). However, the daemon's default configuration (notify_openclaw: true and include_verification_codes: true) will push potentially sensitive verification codes and optional body previews into OpenClaw system events. The SKILL.md warns not to paste auth codes in chat, but the default behavior will transmit extracted verification codes to the agent; this is a privacy/exposure risk even though it is consistent with the skill's purpose.
Install Mechanism
The registry contains no automated install spec, but the repo includes pyproject, install.sh, and 'pip install -e .' as the documented install. Installing from source via pip is expected for this project; review install.sh and pyproject before running. No remote arbitrary download URLs were present in the manifest, lowering install risk.
Credentials
The skill does not request platform environment variables, but it requires provider credentials (OAuth credentials for Gmail, IMAP/SMTP auth codes) which are appropriate for an email client. A notable issue: credentials and OAuth tokens are stored on disk under ~/.email-bridge unencrypted (explicitly documented). That is proportionate for operation but increases local risk if the machine is compromised.
Persistence & Privilege
The skill does not request 'always: true' and follows normal daemon behavior, writing only to its own config and DB under ~/.email-bridge. Autonomous invocation is enabled by default (normal). It does not modify other skills or system-wide agent settings.
Assessment
This package is internally consistent with an email-management tool, but take these precautions before installing:
- Understand where secrets live: credentials and OAuth tokens are stored unencrypted under ~/.email-bridge/. Protect that directory (filesystem permissions, disk encryption). If you dislike plaintext tokens, do not install or run the daemon on untrusted machines.
- Limit what the daemon sends to the agent: change config so notify_openclaw = false or set include_verification_codes = false and include_body = false if you don't want codes or body previews pushed to OpenClaw events by default.
- Review install scripts (install.sh, pyproject.toml) locally before running pip install -e .; preferably install in a controlled virtualenv or container.
- After testing, if you remove the skill, revoke OAuth tokens (Gmail) and delete ~/.email-bridge to remove cached tokens and saved passwords.
- If you need higher assurance, inspect the repository files not fully shown here (truncated files) for any unexpected network endpoints or obfuscated code, and run the code in an isolated environment first.
Confidence is medium because some files were truncated in the manifest; a quick scan of the remaining files for unexpected network calls or obfuscated behavior would raise confidence to high.