ClawHub

Near Email Reporter

v1.0.0

Send NEAR reports and alerts via email with SMTP configuration, scheduling, and automatic reporting.

0· 987·0 current·0 all-time
by@shaiss
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (send NEAR reports via email) matches what the files do: the CLI accepts SMTP settings, stores them in ~/.near-email/config.json, and queries rpc.mainnet.near.org for account info. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md and README describe CLI usage and storing config in ~/.near-email. The runtime instructions and the script only read/write that config file and call the NEAR RPC; they do not instruct the agent to read other system files, environment variables, or send data to unexpected third-party endpoints.
Install Mechanism
There is no install spec (instruction-only), which is low risk. The package includes a script but does not bundle nodemailer; README and comments instruct the user to run `npm install nodemailer` to enable sending. This is not inherently risky but requires the user to install a dependency themselves.
Credentials
The skill declares no required environment variables and the script uses a locally stored SMTP username/password provided via CLI. That is proportionate to an email-sending reporter. Credentials are kept in ~/.near-email/config.json with file mode 0o600 in the code.
Persistence & Privilege
The skill is user-invocable, not always:true, and does not modify other skills or system-wide settings. Its only persistent artifact is its own config file under the user's home directory.
Assessment
This skill appears coherent but review and take these precautions before installing: 1) Inspect the script (scripts/emailer.js) yourself — it stores SMTP credentials in ~/.near-email/config.json and will query rpc.mainnet.near.org. 2) Use an app-specific or limited-scope SMTP password (e.g., Gmail App Passwords) rather than your primary account password. 3) Confirm config permissions (mode 600) and that the config file is stored where you expect. 4) The skill does not include nodemailer; run npm install in a controlled environment and review that dependency before use. 5) Scheduling requires an external scheduler or background process — ensure you don't run persistent jobs with elevated privileges. 6) Because the skill source and publisher are unknown, prefer running it in a restricted environment or container until you are comfortable with the code.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f4nnm80x8n1f3xrntha2tyh80rryw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments