Back to skill
Skillv0.1.2
ClawScan security
Email Triage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 8, 2026, 9:04 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and scope are consistent with a sender-trust-based email triage tool and it requests no extra credentials or installs.
- Guidance
- This skill appears coherent and low-risk: it provides heuristics for prioritizing email and doesn't ask for credentials or install code. Before enabling it, confirm what your agent/runtime already exposes (email metadata, thread context, known contacts, calendar/meeting signals) because the skill relies on those signals — if the runtime has broad mailbox access, the agent will process your email data to apply these rules. If you have privacy concerns, test the skill on a limited or non-sensitive mailbox first, and consider restricting the agent's permissions or disabling autonomous invocation for this skill in your agent settings.
Review Dimensions
- Purpose & Capability
- okName and description claim a prioritization heuristic; the skill is instruction-only and asks for no binaries, installs, or credentials — all of which are proportionate to a purely heuristic triage helper.
- Instruction Scope
- noteSKILL.md confines actions to classifying and summarizing email using signals the agent's runtime already exposes (thread continuity, domain matches, corroborating signals). This stays within the stated purpose, but it depends on the runtime actually providing those email metadata/signals; the skill explicitly warns it won't fetch additional data sources, which is appropriate.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill with lowest install risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportional to the described behavior.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request persistent presence or modify other skills or system-wide settings.