Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AgentMail Integration

v1.1.0

Integrate AgentMail API for AI agent email automation. Create and manage dedicated email inboxes, send and receive emails programmatically, handle email-based workflows with webhooks and real-time events. Use when Codex needs to set up agent email identity, send emails from agents, handle incoming email workflows, or replace traditional email providers like Gmail with agent-friendly infrastructure.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, SKILL.md, and scripts are coherent: they implement programmatic inboxes, sending, receiving, and webhook handling. However the registry metadata declares no required environment variables or primary credential even though the instructions and all scripts require AGENTMAIL_API_KEY — an important mismatch that reduces trust in the package metadata.
Instruction Scope
The SKILL.md and code files stay within email integration functionality (create/list/send/read inboxes, set up webhooks, download attachments, forward to Slack, etc.). They explicitly call out prompt‑injection risks and recommend allowlists/human review. Examples instruct saving attachments to disk and using ngrok for local webhook testing — expected for this domain but security‑sensitive, so operators must follow the guidance (allowlist, signature verification, human-in-the-loop).
Install Mechanism
No install spec is provided in the registry (instruction-only), but the code imports a third‑party 'agentmail' package and uses python-dotenv; SKILL.md tells users to 'pip install agentmail python-dotenv'. That's not inherently malicious, but the registry should declare these dependencies. Verify the 'agentmail' package origin (PyPI project, source repo, or vendor) before installing.
Credentials
Scripts and SKILL.md require AGENTMAIL_API_KEY (and sample code references WEBHOOK_SECRET and SLACK_WEBHOOK) but registry metadata lists no required env vars or primary credential. Requiring an API key to call the external service is appropriate, but the omission in metadata is a mismatch and increases risk (the skill will fail or prompt for secrets at runtime). Only provide sensitive keys after verifying the service and code.
Persistence & Privilege
The skill does not request always:true or attempt to modify other skills or system-wide agent settings. It is user-invocable and allows autonomous invocation by default (platform standard). Because it handles webhooks and can trigger actions based on incoming email, follow the SKILL.md guidance to limit capabilities and require human approval for dangerous actions.
Scan Findings in Context
[ignore-previous-instructions] expected: The SKILL.md and WEBHOOKS.md intentionally include example attacker phrases (e.g., 'ignore previous instructions') to illustrate prompt-injection threats. This is expected and the presence of the phrase as a scan hit is not by itself malicious.
What to consider before installing
What to check before installing or supplying secrets:
- The code and README expect an AGENTMAIL_API_KEY but the registry metadata does not declare it — treat that as a red flag and don't paste keys into your environment until you verify the service.
- Verify the 'agentmail' Python package source (PyPI project page or upstream repo) and inspect it for unexpected network or filesystem behavior before pip installing in production.
- If you enable webhooks, follow the SKILL.md: use a webhook secret or signature verification, maintain a sender allowlist, and route suspicious messages to human review. Do not process inbound email as 'trusted commands'.
- Avoid exposing production endpoints via ngrok or public URLs without proper authentication; use TLS and HMAC signatures for webhook verification.
- Review sample code that downloads attachments and writes files — run these scripts in an isolated environment and validate attachments before processing.
- Because the skill's source/homepage is unknown, prefer testing in a sandboxed environment and audit the agentmail client library and these scripts before giving any credentials or enabling autonomous processing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97feq4kgdm8kjyab64e4szgex803ef7
