ClawHub

send-email

v1.0.1

Send emails via SMTP. Configure in ~/.openclaw/openclaw.json under skills.entries.send-email.env.

5· 6.5k·48 current·50 all-time
by@fontstep
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included Python script which sends SMTP mail; requiring python3 is appropriate. However the skill does not declare the SMTP environment variables in its metadata even though they are required at runtime. There is also an additional shell script that uses msmtp/mutt and ~/.msmtprc — tools not declared in the manifest and not mentioned in SKILL.md's required binaries.
!
Instruction Scope
SKILL.md explicitly instructs the agent not to read config files and to rely on OpenClaw injecting env vars at runtime. That is unusual but not inherently bad. The bigger concern: SKILL.md tells the agent to run the Python script only, yet the package also contains send_email.sh which references ~/.msmtprc, msmtp and mutt (and could be invoked by an agent or user). SKILL.md forbids using ~/.msmtprc, but send_email.sh explicitly references it — a contradictory instruction that could lead to using local mail credentials unexpectedly.
Install Mechanism
No install spec (instruction-only) and included code lives in workspace; nothing is downloaded or executed on install. This is low-risk from installation mechanics.
!
Credentials
The skill requires sensitive SMTP credentials (EMAIL_SMTP_PASSWORD etc.) which are reasonable for an email sender, but those env vars are not declared in the manifest/metadata (registry shows none). That lack of declaration reduces transparency. Also the shell script can rely on ~/.msmtprc which may expose other account credentials unrelated to this skill.
Persistence & Privilege
Skill is not always-loaded and uses default model-invocation behavior. It does not request persistent privileges or modify other skills/system configuration.
What to consider before installing
This skill's Python email sender is coherent and appears safe for sending mail when provided with SMTP credentials. However: - The package does not declare the required SMTP env vars in its metadata; double-check that OpenClaw will actually inject EMAIL_SMTP_SERVER, EMAIL_SMTP_PORT, EMAIL_SENDER and EMAIL_SMTP_PASSWORD before enabling. - The repository contains a shell script (send_email.sh) that uses msmtp/mutt and ~/.msmtprc; SKILL.md explicitly tells the agent not to use ~/.msmtprc, but the script references it — verify the agent will only run the Python script and not the shell script. The shell script could cause use of other local mail configs/credentials. - If you enable this skill, consider testing with a throwaway email account/app-password first, and confirm via logs which executable was run. If you want to reduce risk, only allow user-invoked runs (disable autonomous invocation for this skill) or remove/rename the shell script so the agent cannot call it by mistake. If you want me to, I can produce a trimmed version that only exposes the Python script and updates the skill metadata to declare required env vars, or show how to run a safe test with a disposable account.

Like a lobster shell, security has layers — review code before you run it.

latestvk9750mawdmc796ey9232vdzv4n80ezp3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis
Any binpython3

Comments