Greek Email Processor

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a disclosed Greek accounting email-processing skill, but it needs mailbox credentials and can handle sensitive financial messages, attachments, and optional outbound notifications.

Before installing, confirm you trust the publisher, use a dedicated accounting mailbox or app-specific password, keep IMAP access as narrow as possible, enable SMTP/Calendar/Slack only if needed, require human approval for all sends or forwards, and protect the local OPENCLAW_DATA_DIR because it may contain invoices, tax notices, and bank statements.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can access the configured accounting mailbox and read sensitive financial and government-related emails.

Why it was flagged

The skill requires mailbox credentials to connect over IMAP. This is expected for an email-processing skill, and the setup recommends app-specific passwords.

Skill content

export IMAP_PASSWORD="app-specific-password"  # Use app passwords, not main password

Recommendation

Use a dedicated service mailbox or app password with the least possible permissions, preferably read-only IMAP, and do not configure SMTP credentials unless sending is required.

What this means

If configured broadly, the agent could move financial documents or send business communications based on email classification.

Why it was flagged

The skill can process attachments, route emails/documents, and prepare outbound responses. These actions fit the stated purpose, and the artifacts also say auto-responses require human approval.

Skill content

- **Document Extraction**: Automatic attachment download and processing
- **Smart Forwarding**: Route emails to appropriate processing pipelines
- **Client Notification**: Automated responses in Greek for document receipt

Recommendation

Require explicit user approval before sending emails or forwarding documents, and define exactly which folders, senders, attachment types, and destinations are allowed.

What this means

Sensitive financial documents may be stored locally and reused by later processing workflows.

Why it was flagged

The setup creates local directories for downloaded or routed accounting documents, which may include invoices, receipts, bank statements, and government notices.

Skill content

mkdir -p $OPENCLAW_DATA_DIR/incoming/{invoices,receipts,statements,government}

Recommendation

Store the data directory in a protected location, restrict filesystem permissions, set retention rules, and avoid placing it in shared or cloud-synced folders unless intended.

What this means

Calendar entries or Slack notifications could reveal sensitive accounting deadlines or processing activity if configured carelessly.

Why it was flagged

The skill discloses optional integrations that may send deadline or processing-status information to external services.

Skill content

"GOOGLE_CALENDAR_ID": "Google Calendar ID for deadline event creation", "SLACK_WEBHOOK_URL": "Webhook URL for processing status notifications"

Recommendation

Only enable these optional integrations when needed, review what information is included in notifications/events, and use private channels/calendars.

What this means

The agent may keep checking the mailbox over time if the user configures monitoring.

Why it was flagged

The skill describes ongoing inbox monitoring. This is disclosed and fits the purpose, but it is a persistent-style behavior users should consciously enable.

Skill content

- **Real-time Monitoring**: Continuous inbox monitoring with configurable intervals

Recommendation

Configure monitoring intervals, account scope, and a clear stop/disable procedure before enabling continuous processing.