Skill v1.0.0

ClawScan security

Email Approval Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 14, 2026, 7:13 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions and requirements are internally consistent with an email-drafting + approval workflow; nothing requested or instructed is disproportionate or clearly malicious, though there are a few operational details to verify before use.
Guidance
This skill appears to do what it says: draft emails, require explicit approval, then send and log them. Before installing, verify:
1) the agent runs with permission to write to the specified /root/.openclaw workspace or adjust paths to a less privileged location;
2) an email sender (email_manager.py or equivalent) exists and its credentials are configured securely (don’t hardcode SMTP credentials in world-readable files);
3) you are comfortable with every external message being CC'd to the named personal Gmail address (privacy/PII concern) — change or remove that if inappropriate;
4) the workflow’s reliance on an explicit textual approval is enforced in the agent implementation (don’t allow ambiguous replies like “looks good” to be treated as approval).
If any of these are unclear, request the missing implementation details or modify the SKILL.md to use safer paths and to document how email credentials are provided and protected.

Review Dimensions

Purpose & Capability
ok: Name and description match the runtime instructions: create drafts, present for human approval, then send and log after explicit approval. The hard-coded requirement to CC a specific person (Stef) and the use of specific workspace paths (/root/.openclaw/...) are design choices that align with the stated goal but should be confirmed by the user.
Instruction Scope
note: All instructions stay within the email-approval workflow: they create draft files, show drafts to a human for approval, then call a local email sender (python3 email_manager.py send) and append an audit line to an email_log.csv. These steps reference specific absolute paths (including /root) and a local script (email_manager.py) that is not included — the agent will need permission to write those paths and a working email sender available. The SKILL.md also hardcodes Stef's personal Gmail in CC, which has privacy/PII implications.
Install Mechanism
ok: Instruction-only skill with no install steps and no third-party packages or downloads. This is the lowest install risk.
Credentials
note: The skill declares no environment variables or credentials. However, sending email (email_manager.py) will require email credentials or SMTP configuration at runtime; those credentials are not requested or described here. Confirm where email credentials are stored and that they are supplied securely and minimally (only what the mailer needs).
Persistence & Privilege
ok: The skill does not request elevated platform privileges and is not marked always:true. It writes to /root/.openclaw/workspace/ and an email_log CSV within the workspace — reasonable for an audit trail, but verify the agent's filesystem permissions and that writing under /root is acceptable.