Commune — Agent Email Inbox
Review
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent email-inbox integration, but it gives an agent persistent external email powers and broad API-key access that are not tightly scoped or fully reflected in the metadata.
Install only if you intentionally want an agent to operate a dedicated external email inbox. Use a separate low-privilege API key and inbox, require confirmation before sending email or changing account state, avoid routing sensitive mail to it unless you trust the provider, and review the unpinned Python/MCP dependencies before use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. An agent could send emails or change email workflow state in ways that affect real people, organizations, or the user’s reputation.
The skill invites autonomous external email activity, but the artifacts do not define approval, recipient, volume, or content-review limits before an agent sends or modifies email workflows.
Quoted from the skill artifacts: "need to send or receive email autonomously ... automate any email workflow entirely via curl"
Recommendation: Require explicit user confirmation for sending emails, adding webhooks, changing domains/inboxes, or bulk triage actions; use a dedicated inbox with narrow permissions.
2. Installing or invoking the skill may grant the agent account-level email authority that users may not notice from the registry metadata alone.
The skill requires a bearer API key with broad read/write access over domains, inboxes, threads, messages, and attachments, while the registry metadata says no primary credential or required env var.
Quoted from the skill artifacts: "Requires `COMMUNE_API_KEY` env var ... Permission scopes on API keys: `domains:read` `domains:write` `inboxes:read` `inboxes:write` `threads:read` `threads:write` `messages:read` `messages:write` `attachments:read` `attachments:write`"
Recommendation: Declare the credential and capabilities in metadata, use least-privilege API keys if supported, and avoid giving this skill keys for important business or personal mailboxes.
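Findings 1 and 2 both come down to the same control: the agent host, not the agent, decides which Commune scopes a key may exercise, which inbox it may touch, and which actions need a human in the loop. The following is an added example of such a gate written for this review; it is not Commune's or the skill's code. The scope names are the ones the skill's SKILL.md lists; the action-to-scope mapping, the dedicated-inbox allowlist, the `confirm` callback and the sample inbox addresses are assumptions constructed for illustration.

```python
# Added example (not Commune's code): a policy gate an agent host places in
# front of Commune API calls. KNOWN_SCOPES are the scopes the skill documents;
# ACTION_SCOPES, the inbox allowlist and the confirm() callback are assumed.
from dataclasses import dataclass, field
from typing import Callable

# Scopes the skill's SKILL.md lists for Commune API keys.
KNOWN_SCOPES = {
    f"{res}:{mode}"
    for res in ("domains", "inboxes", "threads", "messages", "attachments")
    for mode in ("read", "write")
}

# Assumed mapping from agent actions to the scope each one needs. Every
# ":write" action changes account state or reaches real recipients, so it is
# additionally gated behind explicit user confirmation.
ACTION_SCOPES = {
    "list_threads": "threads:read",
    "read_message": "messages:read",
    "download_attachment": "attachments:read",
    "send_message": "messages:write",
    "add_webhook": "inboxes:write",
    "change_domain": "domains:write",
    "bulk_archive": "threads:write",
}


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class AgentMailPolicy:
    key_scopes: set[str]                  # scopes actually granted to the agent's key
    allowed_inboxes: set[str]             # the dedicated inbox(es) the agent may use
    confirm: Callable[[str, dict], bool]  # asks the human; True means proceed
    audit: list[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        unknown = self.key_scopes - KNOWN_SCOPES
        if unknown:
            raise ValueError(f"unknown scopes on key: {sorted(unknown)}")

    def check(self, action: str, params: dict) -> Decision:
        scope = ACTION_SCOPES.get(action)
        if scope is None:
            return self._log(action, False, "unknown action")
        if scope not in self.key_scopes:
            return self._log(action, False, f"key lacks scope {scope}")
        inbox = params.get("inbox")
        if inbox is not None and inbox not in self.allowed_inboxes:
            return self._log(action, False, f"inbox {inbox} not in dedicated allowlist")
        if scope.endswith(":write"):
            if not self.confirm(action, params):
                return self._log(action, False, "user declined confirmation")
            return self._log(action, True, "write action confirmed by user")
        return self._log(action, True, "read-only action within scope")

    def _log(self, action: str, allowed: bool, reason: str) -> Decision:
        # Keep an audit trail of every decision, allowed or denied.
        self.audit.append(f"{action}: {'ALLOW' if allowed else 'DENY'} ({reason})")
        return Decision(allowed, reason)


def demo() -> list[str]:
    """Least-privilege key for a triage-only agent: it may read its own inbox
    and relabel threads, but was never given messages:write, so it cannot send."""
    policy = AgentMailPolicy(
        key_scopes={"threads:read", "messages:read", "threads:write"},
        allowed_inboxes={"agent@example-dedicated.test"},          # constructed
        confirm=lambda action, params: action != "bulk_archive",   # stand-in for a prompt
    )
    policy.check("read_message", {"inbox": "agent@example-dedicated.test", "id": "m1"})
    policy.check("send_message", {"inbox": "agent@example-dedicated.test", "to": "ceo@example.test"})
    policy.check("read_message", {"inbox": "ceo@example.test", "id": "m2"})
    policy.check("bulk_archive", {"inbox": "agent@example-dedicated.test"})
    return policy.audit


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of the gate is that a key missing `messages:write` fails closed regardless of what the agent asks for, and that even an in-scope write such as a bulk archive still stops at the human prompt.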
3. Private email content could become persistent agent context and be processed for search or extraction beyond the immediate task.
The skill stores email as long-term agent memory and processes inbound content with semantic search/extraction, but the artifacts do not clearly bound retention, reuse across tasks, or sensitive-data handling.
Quoted from the skill artifacts: "Your inbox is persistent across every session — it's your long-term memory ... Commune uses vector embeddings (Qdrant + Azure OpenAI) ... Every inbound email is automatically parsed into structured fields by AI"
Recommendation: Use only a dedicated inbox, avoid sensitive personal or regulated data unless you trust the provider’s retention and processing practices, and document deletion/retention controls.
4. The installed code may depend on whatever versions are current at install time.
The install guide uses unpinned external packages and a mutable remote tarball path. These steps are user-directed and purpose-aligned, but provenance is not pinned in the artifacts.
Quoted from the skill artifacts: "pip install commune-mail ... pip install commune-mcp ... curl -L "$tarball_url" | tar -xz -C "$dest""
Recommendation: Pin package versions or review the external packages before installation, especially the optional MCP server.
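The `curl | tar` step in finding 4 trusts whatever the URL serves at install time. The added example below, written for this review and not part of the skill's install guide, shows the check a reviewer would put in its place: record the SHA-256 of the tarball you actually reviewed, refuse to extract anything whose digest differs, and refuse archive members that would land outside the destination directory. The archive contents, digests and file names are constructed in the example itself so it runs offline.

```python
# Added example (not the skill's install code): pin a reviewed tarball by
# digest and extract it safely. Archive contents below are constructed.
import hashlib
import hmac
import io
import os
import tarfile
import tempfile
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def safe_members(tar: tarfile.TarFile, dest: str):
    """Yield members that stay inside dest; reject traversal and link entries."""
    dest_real = os.path.realpath(dest)
    for member in tar.getmembers():
        target = os.path.realpath(os.path.join(dest_real, member.name))
        if os.path.commonpath([dest_real, target]) != dest_real:
            raise ValueError(f"refusing path traversal: {member.name}")
        if member.issym() or member.islnk():
            raise ValueError(f"refusing link member: {member.name}")
        yield member


def verify_and_extract(tar_bytes: bytes, expected_sha256: str, dest: str) -> list[str]:
    """Extract only if the bytes match the digest recorded at review time."""
    actual = sha256_hex(tar_bytes)
    if not hmac.compare_digest(actual, expected_sha256):
        raise ValueError(f"digest mismatch: expected {expected_sha256}, got {actual}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        members = list(safe_members(tar, dest))   # raises before anything is written
        # Use the stdlib 'data' filter where available as a second line of defence.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, members=members, **kwargs)
    return [m.name for m in members]


def build_archive(files: dict[str, bytes]) -> bytes:
    """Construct an in-memory .tar.gz standing in for the remote tarball."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def demo(dest: Optional[str] = None) -> dict:
    dest = dest or tempfile.mkdtemp(prefix="commune-skill-")
    # 1. The archive you reviewed; its digest is what you pin in your install notes.
    reviewed = build_archive({"skill/SKILL.md": b"# Commune skill\n"})
    pinned = sha256_hex(reviewed)
    extracted = verify_and_extract(reviewed, pinned, dest)
    # 2. Same URL later serves different bytes: digest no longer matches.
    changed = build_archive({"skill/SKILL.md": b"# Commune skill (changed upstream)\n"})
    try:
        verify_and_extract(changed, pinned, dest)
        changed_rejected = False
    except ValueError:
        changed_rejected = True
    # 3. An archive whose member path escapes dest is refused even when its digest matches.
    escaping = build_archive({"../outside.txt": b"x"})
    try:
        verify_and_extract(escaping, sha256_hex(escaping), dest)
        traversal_rejected = False
    except ValueError:
        traversal_rejected = True
    return {
        "extracted": extracted,
        "changed_rejected": changed_rejected,
        "traversal_rejected": traversal_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

For the two `pip install` lines the equivalent is a requirements file with `==` versions and `--require-hashes`, which pip supports natively; the tarball path has no such built-in, so the digest check above has to be done by the installer.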
5. If webhook verification or routing is implemented poorly, inbound email could trigger unintended automation.
Webhook integration is disclosed and includes HMAC verification guidance, but it can trigger downstream automation from inbound email and should be treated as an agent communication boundary.
Quoted from the skill artifacts: "Set Webhook ... endpoint="https://your-app.com/webhook" ... Receives a `POST` with signed payload when emails arrive. Verify with `verify_signature()`."
Recommendation: Verify webhook signatures, restrict webhook endpoints, and avoid automatically acting on inbound email without validation.
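The artifacts say the webhook payload is signed and point at a `verify_signature()` helper, but the exact signing scheme is not in the reviewed material. The added example below, written for this review and not Commune's helper, shows the shape of the boundary the recommendation describes: an HMAC-SHA256 over the raw body with a timestamp bound into the signed string, a constant-time comparison, a replay window, and a handler that treats even a verified delivery as untrusted data to queue for review rather than act on. The header names, secret, skew window and payload are assumptions constructed for the example.

```python
# Added example (not Commune's verify_signature()): verify a signed webhook
# delivery before any automation touches the inbound email. Signing scheme,
# header names, secret and sample payload are assumed/constructed.
import hashlib
import hmac
import json
import time
from typing import Optional

SECRET = b"constructed-webhook-secret"   # shared secret configured with the provider
MAX_SKEW_SECONDS = 300                    # replay window for a delivery


def sign(body: bytes, timestamp: int, secret: bytes = SECRET) -> str:
    """HMAC-SHA256 over '<timestamp>.<raw body>' so the timestamp cannot be swapped."""
    msg = f"{timestamp}.".encode() + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_signature(body: bytes, headers: dict, secret: bytes = SECRET,
                     now: Optional[int] = None) -> bool:
    ts = headers.get("X-Timestamp")
    sig = headers.get("X-Signature")
    if not ts or not sig:
        return False                      # unsigned delivery: fail closed
    try:
        ts_int = int(ts)
    except ValueError:
        return False
    current = int(time.time()) if now is None else now
    if abs(current - ts_int) > MAX_SKEW_SECONDS:
        return False                      # stale or replayed delivery
    # Constant-time comparison: never use == on signatures.
    return hmac.compare_digest(sign(body, ts_int, secret), sig)


def handle_webhook(body: bytes, headers: dict, now: Optional[int] = None) -> dict:
    """Decide what the endpoint does; the email itself is never acted on here."""
    if not verify_signature(body, headers, now=now):
        return {"status": 401, "action": "rejected"}
    event = json.loads(body)
    # A valid signature proves the provider sent it, not that the email is
    # benign: sender and content are still attacker-controlled input.
    return {
        "status": 202,
        "action": "queued_for_review",
        "from": event.get("from"),
        "subject": event.get("subject"),
    }


def demo() -> list[str]:
    now = 1_700_000_000
    body = json.dumps({                   # constructed inbound-email event
        "from": "sender@external.test",
        "subject": "Invoice",
        "body": "Please approve the attached payment today.",
    }).encode()
    good = {"X-Timestamp": str(now), "X-Signature": sign(body, now)}
    outcomes = [handle_webhook(body, good, now=now)["action"]]            # genuine delivery
    outcomes.append(handle_webhook(body, {}, now=now)["action"])         # no signature at all
    tampered = body.replace(b"Invoice", b"URGENT: wire funds")
    outcomes.append(handle_webhook(tampered, good, now=now)["action"])   # body altered in transit
    outcomes.append(handle_webhook(body, good, now=now + 3600)["action"])  # replay an hour later
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Restricting the endpoint (allowlisting the provider's source addresses, or placing it behind an authenticated gateway) is a separate control from the signature check; the example only covers the latter.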
