Himalaya Email CLI
Review
Audited by ClawScan on May 11, 2026.
Overview
This is a straightforward email CLI reference, but it can use your email credentials and can send, move, or delete messages if you allow those commands.
This skill appears benign and purpose-aligned for managing email with the Himalaya CLI. Before installing, make sure you trust the local Himalaya binary, store credentials in a password manager or keyring rather than plaintext, and require manual confirmation for sends, forwards, reply-all, moves, and deletes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured, the agent may be able to access your mailbox and send email through your account using the configured credentials.
The skill documents OAuth token and credential configuration for email accounts. This is expected for an IMAP/SMTP email client, but those credentials grant significant account access.
backend.auth.type = "oauth2"
backend.auth.client-secret.cmd = "pass show oauth/client-secret"
backend.auth.access-token.cmd = "pass show oauth/access-token"
backend.auth.refresh-token.cmd = "pass show oauth/refresh-token"
Use app-specific passwords or OAuth tokens with the least privilege available, store secrets in a password manager or keyring, and revoke credentials if you stop using the skill.
An agent using this skill could send messages, reply-all, forward, move, copy, flag, or delete emails if the user authorizes or requests those operations.
The documented CLI operations include sending email directly and deleting messages. These actions are purpose-aligned, but they can materially change the user's email account.
Send directly using template:
```bash
cat << 'EOF' | himalaya template send ...
```
...
Delete an Email
```bash
himalaya message delete 42
```
Require explicit confirmation before sending, deleting, moving, or forwarding messages, and review recipient lists and message IDs before execution.
The safety of runtime behavior depends on the external Himalaya CLI that the user installs locally.
The skill depends on an external `himalaya` binary and mentions a brew install path, while the registry install specification is instruction-only. The installed CLI is therefore outside the reviewed package.
metadata: {"Xcriminal":{"emoji":"📧","requires":{"bins":["himalaya"]},"install":[{"id":"brew","kind":"brew","formula":"himalaya","bins":["himalaya"],"label":"Install Himalaya (brew)"}]}}
Install Himalaya only from the official project or a trusted package manager, and verify the installed binary before using the skill with real email credentials.
