UniOne Email API
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent instruction-only UniOne email API skill, but it uses an API key to send emails and change email-account settings, so users should approve sensitive actions and verify the publisher.
Install only if you trust the publisher and need UniOne email automation. Before using it, configure a limited UniOne API key if possible, protect the key, verify the sending domain, and require explicit review for email sends, bulk/marketing messages, suppression-list edits, template deletion, webhook changes, and domain/project settings.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad instruction could send unwanted email or alter email-service settings.
These are purpose-aligned API capabilities, but they allow the agent to perform externally visible or account-changing actions if invoked.
Send transactional and marketing emails via UniOne Email API. Manage email templates, validate email addresses, check delivery statistics, manage suppression lists, configure webhooks, and handle domain settings.
Approve each send and account-changing operation explicitly, checking recipients, content, volume, template changes, suppression-list changes, and webhook/domain settings.
If the key is exposed or used too broadly, someone could send email or change UniOne resources under the user's account.
The API key is necessary for the service integration, but it represents delegated authority over the user's UniOne account.
All requests require the `UNIONE_API_KEY` environment variable. Pass it as the `X-API-KEY` header.
Use the least-privileged UniOne key/project available, store it in a secret manager or environment variable, avoid sharing logs containing headers, and rotate it if exposed.
Delivery events or related email metadata could be sent to the wrong webhook endpoint if configured incorrectly.
Webhook configuration can send delivery-event data to an external endpoint; this is expected for email tracking but should be scoped to trusted destinations.
Track delivery — set up webhooks for real-time event notifications
Only configure webhooks to trusted HTTPS endpoints you control, and review what event data UniOne will send before enabling them.
Users may place more trust in the skill or provide an API key based on an unverified provenance claim.
The supplied registry information lists the source as unknown and no homepage, so the official-publisher claim is not independently verifiable from the provided artifacts.
This is an **official skill** from UniOne
Verify the publisher through UniOne's official documentation or support channels before relying on the 'official' claim.