ClawHub

IMAP

v1.0.0

Read, search, and sync IMAP mailboxes with UID-safe fetches, precise filters, and attachment-aware workflows.

0· 389·1 current·1 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: everything in the SKILL.md and supporting docs is focused on IMAP discovery, safe fetches, MIME/attachment handling, and incremental sync. No unrelated services, binaries, or credentials are requested.
Instruction Scope
Runtime instructions are limited to IMAP operations and local bookkeeping under ~/imap/. The docs explicitly require capability discovery, UID-safe fetches, and conservative mutation gates. They also explicitly warn not to store passwords or secrets. The only filesystem access suggested is creation and use of ~/imap/ and its files.
Install Mechanism
No install spec and no bundled code — instruction-only. That minimizes on-disk code execution risk because nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths beyond ~/imap/. It expects the user to supply IMAP credentials at runtime via existing local auth flows (bridges, OAuth, app passwords) rather than embedding secrets in skill memory.
Persistence & Privilege
The skill persists operational context under ~/imap/ (account metadata, folder maps, sync checkpoints, playbooks). This is appropriate for an IMAP sync helper but means durable state (which may include message identifiers and sync cursors) will be written to the user's home directory if memory is enabled. The docs explicitly forbid storing passwords or OAuth tokens in memory files. The skill is not always-enabled and allows autonomous invocation (the platform default); autonomous invocation alone is not flagged but you should be aware the skill can run when permitted by the agent.
Assessment
This skill appears coherent and focused on IMAP tasks. It is low-risk because it is instruction-only and asks for no global credentials or installs. Before using: (1) decide whether you want persistent ~/imap/ state — disable memory if you prefer no disk traces; (2) never paste passwords or tokens into memory files; use OS/password-manager/OAuth/app-password flows as recommended; (3) keep the mutation policy set to read-only by default unless you explicitly need write actions (move/delete/expunge); and (4) be mindful that the skill will connect to whatever IMAP endpoint you provide, so only give it credentials for mailboxes you trust and on machines you control.

Like a lobster shell, security has layers — review code before you run it.

latestvk973h4gm3brce8pjq4vw11x0sd833bgv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📬 Clawdis
OSLinux · macOS · Windows

Comments