v1.0.0

agentmail-cli

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

This is a coherent AgentMail email-management skill, but it gives the agent API-key-based ability to create inboxes, send/read/delete messages, and optionally store the key persistently.

Guidance: This skill appears purpose-aligned for managing AgentMail. Before installing, be comfortable giving the agent an AgentMail API key, and require confirmation for outbound emails and deletions because those actions can affect other people or remove message threads.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
agentmail message send --from <inbox-id> --to recipient@example.com ... ; Delete a message (deletes entire thread): agentmail message delete <inbox-id> <message-id>

The skill exposes commands that send email externally and delete message threads. These actions are purpose-aligned and disclosed, but they can affect third parties or remove data.

User impact: If invoked with the wrong arguments, the agent could send an unintended email or delete an AgentMail thread.
Recommendation: Before allowing send or delete operations, confirm the sender inbox, recipients, subject/body, and exact message or inbox to be removed.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
install spec
node | package: @stepandel/agentmail-cli | creates binaries: agentmail

The skill depends on an external npm-installed CLI, while the provided file manifest contains only SKILL.md. Installing the package is purpose-aligned, but users are trusting that package as the implementation.

User impact: The installed npm package will be the code actually handling the API key and email operations.
Recommendation: Install from the expected npm package source, review the linked project or package provenance if needed, and keep the package updated.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
agentmail config set-key YOUR_API_KEY ... This stores the key at `~/.agentmail/config.json` and persists across sessions.

The skill requires an AgentMail API key and documents a persistent local storage path for it. This is expected for the service, but it grants continuing account access to the CLI.

User impact: Anyone or any process able to use that configured CLI may be able to access the associated AgentMail account until the key is removed or revoked.
Recommendation: Use a least-privilege AgentMail key if available, protect the config file, and revoke or remove the key when the skill no longer needs access.