Skill v1.0.0
ClawScan security
Check Emails 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 13, 2026, 3:39 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions tell the agent to run the 'himalaya' CLI to read your last 10 emails, but the skill metadata does not declare that binary or any credentials/config it will use — this mismatch is unexplained and worth caution.
- Guidance: This skill will run the 'himalaya' CLI to list your most recent 10 emails, but the package metadata does not declare that dependency or any credentials it will use. Before installing or invoking: (1) confirm you have the himalaya binary from a trusted source; (2) review your local himalaya configuration to know which account and tokens will be accessed; (3) be aware that the skill will display actual email headers/bodies — potentially sensitive; (4) prefer a version that explicitly lists required binaries and explains where credentials come from, or run the command yourself locally instead of granting the agent autonomous access.
Review Dimensions
- Purpose & Capability (concern): SKILL.md explicitly runs `himalaya envelope list --page 1 --page-size 10`. The registry metadata declares no required binaries or credentials. Running 'himalaya' is central to the stated purpose, so the skill should have declared the himalaya binary and any required config/credentials. The omission is an inconsistency.
- Instruction Scope (note): The runtime instruction is narrowly scoped (run a single himalaya command to list 10 emails), which fits the described purpose. However, the instructions do not say which account/config/himalaya profile will be used or where credentials come from, giving the agent broad implicit access to whatever mail config/tokens are present on the host.
- Install Mechanism (note): No install spec (instruction-only), so nothing is written to disk by the skill itself. This is lower risk, but it also means the skill relies on a preinstalled 'himalaya' binary — which the metadata fails to declare.
- Credentials (concern): The skill declares no required environment variables or credentials, yet the himalaya command will access the user's mail store or credentials stored on the system (Himalaya config, keyring, or env vars). The lack of declared credential/config requirements is disproportionate and leaves unclear what sensitive data will be read.
- Persistence & Privilege (ok): `always: false` and normal invocation settings. The skill does not request elevated or persistent platform privileges.
