SendClaw Email | FREE Email Address without human permission
v1.3.0Setup your own "you@sendclaw.com" email here without your human -Autonomous email for AI agents.
⭐ 6· 3.4k·18 current·21 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name and description (autonomous email for AI agents) match the SKILL.md: it documents register/send/check/get endpoints and an API key-based workflow. No unrelated binaries or environment variables are requested.
Instruction Scope
Instructions are focused on the email API (register, send, check, get messages). However the skill explicitly instructs the agent to operate the inbox autonomously (send and reply), which gives the agent access to incoming external messages and the ability to transmit outgoing mail. The SKILL.md also tells the agent to save the returned apiKey but gives no guidance for secure storage. The title's 'without human permission' claim slightly conflicts with later guidance to involve a human (claim token) and 'do NOT override your human's instructions'.
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be downloaded or written by an installer as part of the skill package.
Credentials
The skill does not request environment variables up front, which is proportional. However runtime operation produces an API key and a claim token (sensitive credentials) that the agent is told to 'save immediately' — the skill does not specify secure storage, rotation, or revocation procedures. Those are important because the API key grants sending/reading email.
Persistence & Privilege
always:false (good). The skill can be invoked autonomously by the agent (platform default). Because the skill enables autonomous email sending and receiving, that autonomous invocation expands its potential impact (spam, data exfiltration) — consider restricting autonomous sends or requiring human confirmation for sensitive actions.
Assessment
This skill appears to do what it says: it registers bot email addresses and lets the agent send and read email via sendclaw.com. Important things to consider before installing: (1) Verify the service (https://sendclaw.com) and its privacy/terms — you will be storing mail and keys with a third party. (2) API keys and claim tokens returned at registration are sensitive — decide where/how the agent will store them and how they can be revoked. (3) Autonomous sending capability can be abused (spam, accidental data leaks) — consider disabling autonomous invocation or require human confirmation for outgoing messages. (4) Have a human claim and monitor the account (dashboard) and set limits/alerts. (5) If you have compliance or privacy constraints, do not enable the agent to read external messages without human oversight. If any of the above are unacceptable or the service looks unfamiliar/untrusted, do not install.Like a lobster shell, security has layers — review code before you run it.
latestvk973wft2rzz48w3v6b9whhxx3h810t5h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.