ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Email Importance Content Analysis

v1.0.1

Judge whether an email is important/urgent using content-based analysis rather than sender name or mailbox labels (which can be spoofed). Use when asked to triage emails, decide priority, detect phishing/social-engineering, or recommend next actions (reply/pay/login/download/click) based on what the message asks the user to do.

0· 960·0 current·0 all-time
by@shingo0620
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md: it explains subject-first triage, when to do technical checks (SPF/DKIM/DMARC/links/attachments), content analysis, and recommended next steps. The skill does not ask for unrelated credentials or system access that would be inconsistent with email triage.
Instruction Scope
Instructions stay within email-triage scope (subject/sender check, optional header inspection, link/attachment caution, out-of-band verification). They do not direct the agent to read unrelated files, environment variables, or to transmit data to arbitrary endpoints. Minor ambiguity: SKILL.md mentions obtaining raw headers via mailbox UI or via 'gog `gmail get`' — if an automation used that command it would require mailbox API access, but the skill does not declare or request such credentials.
Install Mechanism
No install spec and no code files — instruction-only skills have minimal install risk and nothing is written to disk or downloaded.
Credentials
The skill declares no required environment variables or credentials, which is proportionate for a guidelines-only skill. Be aware: fully automated execution that fetches headers or emails would require mailbox credentials (OAuth/API tokens), but those are not requested here — so automated fetching is not supported by the skill as-declared.
Persistence & Privilege
always is false and the skill does not request persistent agent configuration or elevated platform privileges. Default autonomous invocation (disable-model-invocation=false) is normal and not problematic by itself.
Assessment
This skill is a set of safe, sensible triage instructions and appears coherent. Before installing/use: (1) Confirm whether you want manual use (paste an email for analysis) or automated access — automated fetching would require mailbox credentials, which this skill does not declare. (2) Never supply broad OAuth tokens or mailbox credentials unless you trust the skill owner and understand exactly what will be accessed. (3) Test the skill on non-sensitive emails first. (4) Ask the publisher to clarify what 'gog `gmail get`' refers to and whether any automation would attempt to access your mailbox or send data to external services.

Like a lobster shell, security has layers — review code before you run it.

latestvk977qv0bcbr82ap58ewnjc23ax80z6k3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments