v0.1.4

Fastmail Suite

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:06 AM.

Analysis

This appears to be a coherent Fastmail helper, but it uses real Fastmail credentials and can change mail or calendar data if you deliberately enable writes.

Guidance: Install only if you want the agent to access your Fastmail account. Start with read-only tokens, leave FASTMAIL_ENABLE_WRITES disabled unless you are intentionally sending or changing events, and remember that redaction is best-effort rather than complete privacy protection.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
only when explicitly enabled) send email and create/reschedule/cancel calendar events ... Writes are OFF by default ... unless FASTMAIL_ENABLE_WRITES=1

The skill exposes account-changing operations, but documents that writes are disabled unless the user sets an explicit environment flag.

User impact: If writes are enabled, an agent could send email or modify calendar events using the configured Fastmail account.
Recommendation: Keep FASTMAIL_ENABLE_WRITES unset for normal use; enable it only for a specific task, prefer a separate send token, and review recipients/event changes before allowing write commands.
Agent Goal Hijack
Severity: Low | Confidence: Medium | Status: Note
scripts/mail.py
"fetchTextBodyValues": True, "fetchHTMLBodyValues": True ... print(body)

The skill can place email body content into the agent-visible output. Incoming email is untrusted content and could contain instructions aimed at the agent.

User impact: A malicious email could try to influence the agent if the agent treats email text as instructions rather than data.
Recommendation: Treat message bodies, subjects, and contact/calendar text as untrusted data; do not let retrieved email content override the user's actual request.
Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/jmap_client.py
"""Best-effort redaction for display/logging (emails, phone-ish numbers)."""

The implementation describes redaction as best-effort and mainly masks email addresses and phone-like numbers, so other sensitive subject/body/contact/calendar details may still appear.

User impact: Users should not assume default redaction removes all private information from outputs.
Recommendation: Avoid using --raw unless necessary, and review outputs before sharing them outside the local agent session.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
FASTMAIL_TOKEN: required: true ... Fastmail JMAP API token (Mail + Contacts scopes) ... FASTMAIL_CALDAV_PASS ... Fastmail CalDAV app password used for calendar access.

The skill requires real Fastmail credentials that can access email, contacts, and calendar data. This is expected for the integration, but it is sensitive account authority.

User impact: Installing and configuring this skill may let the agent read private Fastmail email, contacts, and calendar information.
Recommendation: Use least-privilege/read-only Fastmail tokens for normal use, use a dedicated CalDAV app password, and revoke tokens when no longer needed.