ClawHub

Email Best Practices

v1.0.0

Use when building email features, emails going to spam, high bounce rates, setting up SPF/DKIM/DMARC authentication, implementing email capture, ensuring compliance (CAN-SPAM, GDPR, CASL), handling webhooks, retry logic, or deciding transactional vs marketing.

10· 3.8k·16 current·18 all-time
byChristina Martinez@christina-de-martinez
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (email deliverability, SPF/DKIM/DMARC, webhooks, retries, compliance) align with the included resources and examples. All code snippets and examples relate to sending reliability, deliverability, consent, and webhook processing—no unrelated services, binaries, or credentials are demanded by the skill metadata.
Instruction Scope
SKILL.md and resource files are documentation and examples for implementing email systems. They do include runnable example snippets (TypeScript, bash, curl, dig) and mention environment variables (e.g., RESEND_WEBHOOK_SECRET) and third-party services (Resend, Svix). Nothing in the instructions tells the agent to read arbitrary host files, exfiltrate data, or call unexpected external endpoints. One content note: list-management recommends keeping suppression lists 'indefinite', which can conflict with data minimization and some regional retention requirements (GDPR) — implementers should adapt retention to applicable law.
Install Mechanism
There is no install spec and no code files that would be downloaded or executed. This is instruction-only documentation; no install-related risk is present.
Credentials
The skill declares no required env vars, credentials, or config paths. The documentation shows example usage of environment variables (API keys, webhook secrets) for webhook verification and API calls—these are typical and proportional to the described purpose, but they are only examples; the skill itself does not request them. Users should not assume the skill will automatically access secrets.
Persistence & Privilege
The skill does not request always:true, does not install files or modify agent/system configuration, and is user-invocable only. It does not request persistent/system privileges.
Assessment
This skill is documentation and example code for building email systems — generally safe and coherent with its description. Before using it: review the examples and adapt them to your environment (don’t paste real API keys into examples), choose appropriate data-retention policies (the docs suggest indefinite suppression lists which can conflict with GDPR/data-minimization), secure webhook endpoints (verify signatures and store secrets safely), and confirm third-party references (Resend/Svix links) fit your vendor choices. If you need the agent to run any of the example code, make sure you provide only the minimal environment variables and credentials required and audit any outgoing network calls the agent will make.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f0jdg6v1hss3m7xvn54z6c9802wjy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments