Skill v1.0.1

ClawScan security

Simple Email · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 6, 2026, 4:17 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it implements an IMAP/SMTP CLI in Node.js and only asks for the email credentials and local read/write whitelist you would expect for that functionality.
Guidance
This skill appears to be what it claims: a Node.js IMAP/SMTP client. Before installing, consider the following:
- Use an app-specific password or email authorization code and enable two-factor auth where possible; do not use your main mailbox password.
- Create a dedicated mailbox/account for the skill if you want to limit blast radius.
- Configure ALLOWED_READ_DIRS and ALLOWED_WRITE_DIRS narrowly (only the directories you actually need) — the scripts enforce these, so set them before enabling downloads or reading files.
- Do not commit the generated .env to version control; setup.sh already warns and sets file permissions.
- Verify the source/author if provenance matters: package.json lists "NetEase" as author but registry metadata shows source unknown; the homepage is a generic GitHub org. If you require stronger assurance, review the included scripts yourself or run them in an isolated environment/container.
- If you need to automate agent-driven email sending, remember the skill will be able to send emails (it sends a test email during setup). Ensure that behavior aligns with your security policy.
If you want additional assurance, ask for a short summary of any network endpoints contacted by the code (beyond IMAP/SMTP) and confirm there are no hard-coded external URLs — the provided files show none.

Review Dimensions

Purpose & Capability
ok
Name/description (IMAP/SMTP email client) matches the requested binaries (node, npm), the required env vars (IMAP_* and SMTP_*), and included scripts (imap.js, smtp.js). The functionality requested (send/receive/search/download attachments) is coherent with the declared requirements.
Instruction Scope
ok
SKILL.md instructs the agent to install node deps, create/edit a .env, and run the included scripts. The runtime instructions and code only perform mailbox operations and local file reads/writes (attachment download, reading body/subject files). The setup script sends a test email to the configured SMTP_USER (expected). There are no instructions to read unrelated system files or to transmit data to external endpoints beyond IMAP/SMTP servers.
Install Mechanism
ok
No remote downloads from arbitrary hosts; dependencies are standard npm packages (package.json and package-lock.json present). SKILL.md requires running npm install, which is appropriate for a Node.js skill. No extract/URL-based installers are used.
Credentials
note
Declared required env vars (IMAP_HOST/USER/PASS, SMTP_HOST/USER/PASS) match code usage and are proportional. Note: the code and SKILL.md also rely on several optional env vars that are not listed in the registry metadata (ALLOWED_READ_DIRS, ALLOWED_WRITE_DIRS, IMAP_PORT/IMAP_TLS/SMTP_PORT/SMTP_SECURE/SMTP_FROM, IMAP_REJECT_UNAUTHORIZED/SMTP_REJECT_UNAUTHORIZED). ALLOWED_* are used to whitelist filesystem access (good practice), but the missing declaration is an inconsistency you should be aware of.
Persistence & Privilege
ok
The "always" field is false and the skill does not request persistent system-wide privileges. setup.sh creates a local .env and sets permissions (chmod 600) but does not modify other skills or system-wide agent settings. Agent autonomous invocation is allowed (platform default) and not by itself a concern.