Skill v1.0.0
ClawScan security
Gog Html Email · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 16, 2026, 6:06 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, templates, and runtime instructions are coherent with its stated purpose (sending HTML emails via the gog CLI) and do not request unrelated secrets or installs.
- Guidance: This skill appears to do what it says: provide single-line HTML templates and a shell workflow to send them with the gog CLI. Before installing or using it: (1) ensure you have and trust the 'gog' CLI and that it is authenticated to the correct account (the skill does not provide or request credentials); (2) test sends to yourself first; (3) sanitize or properly escape any untrusted user-provided content before feeding it into the sed pipeline to avoid shell/sed injection or broken HTML (consider using a safer templating approach if you will insert arbitrary input); (4) be aware that the skill allows autonomous invocation (normal default); if you do not want agents to send email automatically, restrict invocation or require manual approval; (5) review the templates locally if you have privacy concerns (they are included in the skill bundle).
Review Dimensions
- Purpose & Capability (ok): Name/description match the requested artifacts: the skill only requires the 'gog' binary and provides HTML templates and a workflow for using 'gog gmail send --body-html'. No unrelated binaries, environment variables, or config paths are requested.
- Instruction Scope (note): SKILL.md confines actions to reading template files in workspace/skills/gog-html-email/templates/, running sed substitutions, and calling the gog CLI to send email. This stays within the stated purpose. Caution: the recommended pattern uses shell substitution (sed and inline variable interpolation), which can be unsafe or break when untrusted or complex input (quotes, slashes, newlines) is inserted; the skill also enforces single-line templates, which is why it avoids heredocs.
- Install Mechanism (ok): Instruction-only skill with no install spec and no external downloads, the lowest-risk install profile. Templates are included in the bundle, so nothing is fetched at install time.
- Credentials (ok): The skill declares no required env vars or credentials. It relies on the user's existing gog configuration for sending mail (appropriate and proportional). It does not demand unrelated secrets or config paths.
- Persistence & Privilege (note): always:false and user-invocable:true. disable-model-invocation:false (agent may call the skill autonomously); this is the platform default. Because the skill can send email, consider whether you want autonomous agents to be allowed to invoke it without additional guardrails.
