Skillv1.0.1

ClawScan security

Commune — Agent Email Inbox · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 20, 2026, 10:18 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior mostly matches an agent-focused email API, but there are important inconsistencies (registry metadata vs runtime instructions), an unknown source, and a modest supply-chain/credential handling risk you should review before installing.
Guidance: This skill appears to implement what it claims — an agent-native email API — but there are a few red flags you should address before installing: 1) Registry metadata incorrectly says no env vars are required, but the CLI and docs require COMMUNE_API_KEY — treat that as required. 2) The source/homepage are missing; verify the publisher and the official project (commune.email) before trusting the key or installing packages. 3) INSTALL.md asks you to pip install commune-mail / commune-mcp and references raw GitHub tarball installs; confirm those packages/repositories are legitimate on PyPI/GitHub to avoid supply-chain risks. 4) The CLI looks for credentials.json in several common locations — avoid storing unrelated secrets in those locations and prefer setting COMMUNE_API_KEY as an environment variable with least privilege. 5) Because the skill can send arbitrary emails, test it in an isolated environment, review webhook handling (verify HMAC secrets), and avoid using high-privilege or long-lived keys until you confirm the service and packages are authentic. If you can, ask the publisher for a canonical source repository or homepage and verify the PyPI package names and GitHub repo before proceeding.

Review Dimensions

Purpose & Capability: concernThe skill claims to provide an agent-native email inbox and the runtime docs and CLI expect a COMMUNE_API_KEY — that is coherent with the stated purpose. However, the registry metadata incorrectly lists no required environment variables or primary credential while SKILL.md and scripts explicitly require COMMUNE_API_KEY. This metadata mismatch is misleading and could hide that an external service key is required.
Instruction Scope: okSKILL.md and the included CLI focus on the Commune email API (creating inboxes, sending/receiving, webhooks, semantic search, structured extraction). The instructions only reference the Commune API endpoints and the COMMUNE_API_KEY; they do not instruct reading unrelated system files or exfiltrating arbitrary data. They do instruct saving inbox_id to /workspace/memory and configuring webhook endpoints.
Install Mechanism: noteThere is no automated install spec in the registry (instruction-only), which reduces automatic risk. However INSTALL.md recommends installing third-party Python packages (commune-mail, commune-mcp) and provides raw GitHub curl/tar examples referencing other repos. Those manual install steps introduce supply-chain risk: the code relies on external PyPI packages and possibly GitHub tarballs that are not verified in the manifest. The skill includes a local CLI script (scripts/commune.py) that will attempt to import those packages.
Credentials: concernThe runtime and install docs require a single API key (COMMUNE_API_KEY), which is appropriate for an email API. But the registry metadata claims no required env vars, creating an inconsistency. The CLI also looks for credentials.json in multiple locations (skill root, current working dir, ~/.config/commune/credentials.json) — convenient but risky if you place credentials in shared directories. No other unrelated credentials are requested.
Persistence & Privilege: okThe skill does not request always:true, does not claim elevated system privileges, and does not attempt to modify other skills or system-wide configs. It suggests saving inbox_id to a workspace file (manual guidance) but does not itself persist configuration beyond local usage. Autonomous invocation is allowed by default but is not an extra privilege of this skill.