ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

email-skill

v1.0.3

Upgraded to https://clawhub.ai/tyxiang/ai-agent-email-skill and no longer maintains this version.

0· 130·0 current·0 all-time
by@tyxiang

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tyxiang/tyxiang-email-skill.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "email-skill" (tyxiang/tyxiang-email-skill) from ClawHub.
Skill page: https://clawhub.ai/tyxiang/tyxiang-email-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tyxiang-email-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install tyxiang-email-skill
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is named 'email-skill' but the SKILL.md only contains a one-line deprecation/upgrade notice and no capabilities, APIs, or required credentials. Someone expecting an email integration would legitimately need SMTP/API credentials and runtime instructions; those are absent, so the declared purpose does not match the actual contents.
!
Instruction Scope
The runtime instructions are effectively empty (just a name and a note that this version is deprecated). There are no commands, no guidance on what the agent should do, and no references to files, env vars, or external endpoints. This makes the skill non-functional and ambiguous about intended behavior.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes risk from downloads or executed installers.
Credentials
The skill requests no environment variables, credentials, or config paths. There is no evidence of disproportionate access requests.
Persistence & Privilege
The skill does not request always:true, does not modify configs, and has default invocation settings. There are no indications it would gain elevated or persistent privileges.
What to consider before installing
This package appears to be a deprecated placeholder pointing to a new location and does not implement any email functionality. It is not harmful but also not useful: installing it won't provide an email skill. If you need an email integration, install the maintained skill at the URL in the description and verify what credentials (SMTP/API keys) it requires before granting them. If you expected this skill to work, treat it as broken/abandoned rather than malicious. If you want a fuller security evaluation, provide the newer skill's SKILL.md or any code files so those can be reviewed.

Like a lobster shell, security has layers — review code before you run it.

latestvk977914h9mfp3p69qx84qkrm41847kvx
130downloads
0stars
4versions
Updated 3w ago
v1.0.3
MIT-0
@tyxiang
latest
Download
Loading README...

Comments

Loading comments...