ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gog Html Email

v1.0.0

Send beautifully formatted HTML emails via gog CLI with templates and styling

0· 627·0 current·0 all-time
bySyed Humair@syedair
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested artifacts: the skill only requires the 'gog' binary and provides HTML templates and a workflow for using 'gog gmail send --body-html'. No unrelated binaries, environment variables, or config paths are requested.
Instruction Scope
SKILL.md confines actions to reading template files in workspace/skills/gog-html-email/templates/, running sed substitutions, and calling the gog CLI to send email. This stays within the stated purpose. Caution: the recommended pattern uses shell substitution (sed and inline variable interpolation), which can be unsafe or break when untrusted or complex input (quotes, slashes, newlines) is inserted; the skill also enforces single-line templates which is why it avoids heredocs.
Install Mechanism
Instruction-only skill with no install spec and no external downloads — lowest-risk install profile. Templates are included in the bundle, so nothing is fetched at install time.
Credentials
The skill declares no required env vars or credentials. It relies on the user's existing gog configuration for sending mail (appropriate and proportional). It does not demand unrelated secrets or config paths.
Persistence & Privilege
always:false and user-invocable:true. disable-model-invocation:false (agent may call the skill autonomously) — this is the platform default. Because the skill can send email, consider whether you want autonomous agents to be allowed to invoke it without additional guardrails.
Assessment
This skill appears to do what it says: provide single-line HTML templates and a shell workflow to send them with the gog CLI. Before installing/use: (1) ensure you have and trust the 'gog' CLI and that it is authenticated to the correct account (the skill does not provide or request credentials); (2) test sends to yourself first; (3) sanitize or properly escape any untrusted user-provided content before feeding it into the sed pipeline to avoid shell/sed injection or broken HTML (consider using a safer templating approach if you will insert arbitrary input); (4) be aware that the skill allows autonomous invocation (normal default) — if you do not want agents to send email automatically, restrict invocation or require manual approval; (5) review the templates locally if you have privacy concerns (they are included in the skill bundle).

Like a lobster shell, security has layers — review code before you run it.

latestvk978h9mjv661zw0nx5rz6s574x818509

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis
Binsgog

Comments