ClawHub

Email Assistant

v1.0.0

AI-powered email writing, review, and compliance checking. Generate templates, optimize subject lines, audit for spam triggers, and check CAN-SPAM/GDPR/CASL...

0· 16·0 current·0 all-time
by@evolinkai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested resources and behavior: the script requires an EvoLink API key for AI features and calls api.evolink.ai. Required binaries (python3, curl) are legitimately used to build JSON payloads and make HTTP requests. The included installer copies skill files into a 'skills/<slug>' directory — consistent with an installable skill.
Instruction Scope
SKILL.md and scripts confine actions to described functionality: listing templates, showing DNS guidance, and sending user-supplied email content to api.evolink.ai for AI analysis. The scripts only read the file(s) the user supplies (and truncate to 12,000 chars) and create temporary payload files that are removed. There are no instructions to read unrelated system files, scan the filesystem, or exfiltrate environment variables beyond EVOLINK_API_KEY.
Install Mechanism
There is no formal installer spec in the registry metadata, but the package includes an npm installer (npm/bin/install.js) intended for npx-based install flows; that installer copies files into a workspace under 'skills/<slug>' and writes lock/origin metadata in a '.clawhub' directory. This is expected for ClawHub-style skills but does write files into the user's workspace (not system-wide). The installer pulls no remote code at install time.
Credentials
Only EVOLINK_API_KEY is required (declared as primaryEnv) and EVOLINK_MODEL is optional. The scripts do not read other environment variables or ask for unrelated credentials. The API key is used in requests to the declared endpoint (api.evolink.ai).
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or global agent configuration. Installer writes files into a project-level '.clawhub' and 'skills/<slug>' location (expected). Temporary files used at runtime are removed via trap; no credentials are persisted by the script.
Assessment
This skill behaves as documented: AI features send the email text you provide to api.evolink.ai using the EVOLINK_API_KEY, while local commands (templates, dns) run offline. Before installing, consider: (1) Do not send highly sensitive PII or private email bodies unless you trust the EvoLink service and its data-retention policy; verify EvoLink's privacy/terms. (2) Keep your EVOLINK_API_KEY secret and use a scoped/limited key if the provider supports it. (3) The npm installer will copy files into a project-level 'skills/<slug>' directory and write a small .clawhub lock/origin file—review that location if you want to control file writes. (4) The code references Anthropic/Claude model names and sends an 'anthropic-version' header to evolink.ai — this is consistent with EvoLink acting as a Claude proxy but you may wish to confirm the provider's architecture if that matters. (5) If you need higher assurance, run the skill in an isolated environment or inspect the scripts locally (they are included) before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97449n8n64hpqa8as7cakkam984rjag

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, curl
EnvEVOLINK_API_KEY
Primary envEVOLINK_API_KEY

Comments