Skill v0.1.1
ClawScan security
Email Drafting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 8, 2026, 2:58 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only email-drafting guide whose required actions and references (threading, formatting, Outlook REST calls, optional MCP integration) are coherent with its stated purpose and do not request unrelated access.
- Guidance: This is an instruction-only, coherent drafting guide. It does not request credentials itself, but to save drafts or send messages the agent/platform will need mailbox access (API tokens or an email connector). Before enabling, confirm how your agent supplies email credentials and what permissions (read/write/send) the connected mailbox has. Also verify the platform enforces the skill's 'draft-first' rule (i.e., the agent will not send without your explicit approval).
Review Dimensions
- Purpose & Capability: ok. The name/description (drafting replies, tone matching, threading, formatting) matches the SKILL.md content. References to Outlook REST endpoints and an optional Node.js MCP are coherent as implementation options for saving/sending drafts.
- Instruction Scope: ok. Runtime instructions stay within email-drafting scope: compose drafts, detect thread metadata, preserve formatting, present drafts for user approval, and only send after explicit confirmation. The instructions do require reading sender messages and message IDs (expected for threading) but do not instruct unrelated file reads or data exfiltration.
- Install Mechanism: ok. No install spec or code files are present (instruction-only), so nothing is written to disk and there is no installer risk.
- Credentials: note. The skill references using Outlook REST APIs and an optional 'email-agent-mcp' component but declares no required env vars or credentials. This is not necessarily malicious (the agent/platform may supply mailbox credentials), but users should be aware that actual send/save operations will require mailbox authentication and permissions which are not requested by the skill itself.
- Persistence & Privilege: ok. The skill is not always-enabled and does not request persistent system privileges or modify other skills; autonomous invocation is allowed (platform default) but that is not combined with other concerning privileges.
