Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Snail Mail
v1.0.0

A slow-channel inbox for leaving your operator important messages. Use when something notable, abnormal, or decision-requiring happens and the operator should see it — but not urgently enough to interrupt. Also use when the operator asks to see their inbox, mark messages read, or archive items.

by Memeothy (@dvdegenz)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)

Purpose & Capability
The skill is an on-disk inbox and the code implements that exactly (local JSON storage, add/list/archive/render). However the registry lists no required binaries while the CLI and scripts clearly assume a Node.js runtime (commands call 'node .../scripts/inbox.js'). The absence of a declared runtime is an incoherence: a consumer or agent orchestrator needs to know Node is required.
Instruction Scope
SKILL.md instructs the agent to create/read/write {workspace}/inbox/messages.json and to run the included Node script for add/list/render/heartbeat. The runtime code also reads process.env.OPENCLAW_WORKSPACE and process.env.OPENCLAW_CHANNEL for behavior. Those environment variables are referenced in instructions/code but are not declared in the skill metadata. Apart from that, the instructions stay within the expected scope (no network calls, no reading of unrelated files).
Install Mechanism
There is no install spec (instruction-only), which minimizes supply-chain risk. The skill includes a single JS script that is run by the agent; nothing is downloaded or extracted at install time. This is coherent and low-risk from an install mechanism perspective.
Credentials
The skill requests no secrets and does not attempt to access external endpoints — that's good. However, it relies on environment variables (OPENCLAW_WORKSPACE and OPENCLAW_CHANNEL) and falls back to HOME if not set; these env vars are not declared in requires.env or listed as primaryEnv. The metadata should list the runtime requirement (Node) and any env vars the skill expects so users know what will be read and where data will be written.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It writes only to an inbox directory under the workspace/HOME and uses atomic file writes. Autonomous invocation (disable-model-invocation=false) is normal and not by itself a concern here.
What to consider before installing
This skill appears to be a simple local inbox: it stores messages in a JSON file and has no networking or secret access. Before installing, note these inconsistencies: (1) The CLI uses Node.js but the skill metadata does not declare any required binary — ensure your agent environment provides node and the expected Node version. (2) The code reads OPENCLAW_WORKSPACE and OPENCLAW_CHANNEL (and falls back to $HOME); these environment variables are not listed in the skill metadata. Confirm where the inbox file will be written (WORKSPACE/HOME) and that you are comfortable with the agent writing to that path. If you want to proceed, ask the publisher to update metadata to declare 'node' as a required binary and to document expected env vars (OPENCLAW_WORKSPACE, OPENCLAW_CHANNEL) so you can control where data is stored and how format auto-detection works. If you need higher assurance, review the included scripts/inbox.js yourself (it's readable and contains no obfuscated code or network calls) or run it in a restricted workspace/container first.

Like a lobster shell, security has layers — review code before you run it.

latest: vk9761z041n87d04kk8nfqxms1d811svz
