Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Email management and automation. Send, read, search, and organize emails across multiple providers.
⭐ 0 · 603 · 35 current · 36 all-time
by @awspace
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description, README, SKILL.md, and email_sender.py are coherent: this is an SMTP email sender supporting attachments, multiple providers, TLS/SSL, and environment/config-file credentials. However, the registry metadata lists no required environment variables or primary credential even though the code expects SMTP credentials (username/password) and other SMTP settings; that mismatch is unexpected and should have been declared.
Instruction Scope
Runtime instructions stay within the stated purpose (configure SMTP settings, run the Python script, or call the Python API). They explicitly instruct the user to place credentials in email_config.json or environment variables. The skill can read arbitrary files from the workspace to attach and can be invoked from OpenClaw to send those files — expected for an email tool but also a potential vector to exfiltrate sensitive files if misused.
Install Mechanism
This is instruction-only with included Python source; there is no remote install or binary download. requirements.txt lists no external runtime packages. No high-risk install actions (no downloads from arbitrary URLs or extracted archives) were found.
Credentials
The skill requires sensitive credentials (SMTP username/password) at runtime, and the code reads several environment variables (SMTP_SERVER, SMTP_PORT, EMAIL_USERNAME, EMAIL_PASSWORD, EMAIL_SENDER_NAME, EMAIL_USE_TLS, EMAIL_USE_SSL) — but the registry metadata declares no required env vars or primary credential. Omitting declaration of the primary secret (email password) reduces transparency and is disproportionate to what the registry claims.
Persistence & Privilege
The skill is flagged always: true (force-enabled for every agent/session). Combined with the ability to read arbitrary workspace files for attachments and access SMTP credentials, this persistent presence raises the risk that the skill could be used to exfiltrate files or send data without explicit per-session consent. always: true is unusual for a capability that handles sensitive credentials and file attachments.
What to consider before installing
This email skill appears to implement expected SMTP functionality, but take precautions before installing: (1) do not store real credentials in repos — use environment variables or a secrets manager and rotate app passwords; (2) the registry metadata does not declare the sensitive env vars the code reads (EMAIL_PASSWORD); ask the publisher to correct this before trusting the skill; (3) because always: true is set, prefer disabling always-on or require explicit enabling so the skill cannot be invoked by default across agents; (4) review the email_sender.py source yourself (it’s included) and test using a dedicated, limited-permission email account to reduce blast radius; and (5) avoid granting the skill access to directories with sensitive files — attachments can include any workspace file and could be used to exfiltrate secrets.
Like a lobster shell, security has layers — review code before you run it.
latest: vk979t6y4w9th358n1e70az8pt181zsnf
Runtime requirements
📧 Clawdis
Bins: python3
