Fastmail JMAP
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent Fastmail email skill, but it gives the agent broad mailbox authority: it can read, send, and modify email in your account.
Install only if you are comfortable giving the agent access to your Fastmail mailbox. Use a dedicated/revocable token, prefer the least privilege possible, and require confirmation before sending, moving, trashing, or marking messages.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is available to the agent, the agent can access and change your Fastmail mailbox and send email from your account.
The skill requires a Fastmail API token with permission to read, modify, and send email. This is expected for the advertised email-management purpose, but it is broad account authority.
FASTMAIL_TOKEN ... required: true ... Scopes: Email (read/write) + Email Submission (send)
Use the narrowest token scopes that fit your use case, revoke the token when no longer needed, and avoid granting send/write access if you only need read-only checks.
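A check that follows from this finding, added here as an example and not part of the review or of the skill: rather than trusting the scope labels picked when the token was created, fetch the JMAP session object (RFC 8620; for Fastmail the documented endpoint is https://api.fastmail.com/jmap/session, requested with an `Authorization: Bearer` header) and audit what the mail account actually exposes. The session document below is a constructed sample, and the check assumes that Fastmail omits from `accountCapabilities` any capability a scoped token was not granted; `isReadOnly` is the standard RFC 8620 account field.

```python
"""Audit what a JMAP token actually grants by reading the session object
(RFC 8620, GET /jmap/session) instead of trusting the scope labels chosen
at token creation. Offline example: SAMPLE_SESSION is a constructed
document shaped like a session response."""
import json

MAIL_CAP = "urn:ietf:params:jmap:mail"              # RFC 8621: read/modify email
SUBMISSION_CAP = "urn:ietf:params:jmap:submission"  # RFC 8621: send email

# Constructed sample resembling the session a read/write + send token yields.
SAMPLE_SESSION = json.dumps({
    "username": "user@example.com",
    "apiUrl": "https://api.fastmail.com/jmap/api/",
    "capabilities": {
        "urn:ietf:params:jmap:core": {"maxSizeUpload": 50000000},
        MAIL_CAP: {},
        SUBMISSION_CAP: {},
    },
    "primaryAccounts": {MAIL_CAP: "u1", SUBMISSION_CAP: "u1"},
    "accounts": {
        "u1": {
            "name": "user@example.com",
            "isPersonal": True,
            "isReadOnly": False,          # RFC 8620 account field
            "accountCapabilities": {MAIL_CAP: {}, SUBMISSION_CAP: {}},
        }
    },
})


def audit_session(session_json, intended, read_only_expected):
    """Compare the primary mail account's granted capabilities with intent.

    intended: set of capability URNs the token is supposed to carry.
    read_only_expected: True if the token was meant to be read-only.
    Returns a dict with the excess grants and whether the token can send.
    Assumption: ungranted capabilities are absent from accountCapabilities.
    """
    session = json.loads(session_json)
    account_id = session["primaryAccounts"].get(MAIL_CAP)
    if account_id is None:
        # No mail account reachable with this token at all.
        return {"has_mail": False, "can_send": False, "read_only": True,
                "excess": [], "ok": not intended}
    account = session["accounts"][account_id]
    granted = set(account["accountCapabilities"])
    granted.discard("urn:ietf:params:jmap:core")
    excess = sorted(granted - set(intended))
    read_only = bool(account.get("isReadOnly", False))
    ok = not excess and (read_only or not read_only_expected)
    return {
        "has_mail": MAIL_CAP in granted,
        "can_send": SUBMISSION_CAP in granted,
        "read_only": read_only,
        "excess": excess,
        "ok": ok,
    }


if __name__ == "__main__":
    # A token meant for read-only unread checks should not carry submission.
    print(audit_session(SAMPLE_SESSION, {MAIL_CAP}, read_only_expected=True))
```

Run it with the real session body once after creating the token; if `excess` is non-empty or `read_only` is False when you expected a read-only token, revoke it and issue a narrower one before the agent ever sees it.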
A mistaken instruction or unsafe automation could send an unintended email, move a message, mark it read, or put it in trash.
The skill exposes commands that can send messages and mutate mailbox state. These commands are purpose-aligned and documented; the main risk is accidental or over-broad invocation.
`send <to> <subject> <body>` | Send an email ... `move <email-id> <mailbox-name>` ... `mark-read <email-id>` ... `trash <email-id>`
Require explicit user confirmation for send, trash, move, and mark-read/mark-unread actions, not just for sending.
A malicious or spam email could contain prompt-injection text that tries to influence the agent’s next actions.
Email is untrusted external content that the agent may summarize or act on. The documentation does not explicitly warn the agent to treat email text as data rather than instructions.
Run: `python3 scripts/fastmail.py unread` ... If urgent/actionable emails found, summarize and alert.
Tell the agent to treat email contents as untrusted data, ignore instructions inside messages unless the user confirms them, and avoid storing sensitive email summaries unnecessarily.
Automated install or permission summaries may understate that the skill needs an email account token.
The registry-level metadata does not surface the required Fastmail token, even though SKILL.md clearly declares FASTMAIL_TOKEN. This appears to be an under-declaration rather than hidden behavior.
Required env vars: none ... Env var declarations: none ... Primary credential: none
Review SKILL.md before installing and make sure the registry metadata is updated to declare FASTMAIL_TOKEN and email read/write/send capabilities.
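A pre-install check for this kind of under-declaration, added here as an example and not part of ClawScan or of the skill: parse the env var bullets and command table out of SKILL.md, derive the capabilities the commands imply, and diff both against the registry record. Both inputs are constructed; the SKILL.md layout follows the excerpts quoted in this review, and the registry record's field names (`required_env_vars`, `env_var_declarations`, `primary_credential`, `capabilities`) are assumptions standing in for whatever the real registry exposes.

```python
"""Cross-check what SKILL.md declares against what the registry metadata
surfaces, so an under-declared credential such as FASTMAIL_TOKEN is caught
before install. Both inputs below are constructed for the example."""
import re

# Constructed SKILL.md mirroring the lines the review quotes.
SKILL_MD = """# Fastmail JMAP

## Environment
- FASTMAIL_TOKEN
  required: true
  Scopes: Email (read/write) + Email Submission (send)

## Commands
| `unread` | List unread messages |
| `send <to> <subject> <body>` | Send an email |
| `move <email-id> <mailbox-name>` | Move a message |
| `mark-read <email-id>` | Mark a message read |
| `trash <email-id>` | Move a message to trash |
"""

# Constructed registry record matching "Required env vars: none ...
# Primary credential: none". Field names are assumed, not a real schema.
REGISTRY = {
    "name": "fastmail-jmap",
    "required_env_vars": [],
    "env_var_declarations": [],
    "primary_credential": None,
    "capabilities": ["email:read"],
}

ENV_NAME = re.compile(r"^\s*-\s*([A-Z][A-Z0-9_]{2,})\s*$", re.MULTILINE)
SECRET_HINT = re.compile(r"TOKEN|KEY|SECRET|PASSWORD", re.IGNORECASE)
COMMAND_ROW = re.compile(r"^\|\s*`([a-z][a-z-]*)")
# Which capability each mutating command implies (assumed capability names).
MUTATING_TO_CAP = {"send": "email:send", "move": "email:write", "trash": "email:write",
                   "mark-read": "email:write", "mark-unread": "email:write"}


def declared_env_vars(skill_md):
    """Return {NAME: required?} for each '- NAME' bullet in SKILL.md."""
    found = {}
    for m in ENV_NAME.finditer(skill_md):
        # Inspect the indented lines under the bullet, up to the next bullet
        # or section heading, for a 'required: true' marker.
        tail = skill_md[m.end():].split("\n-", 1)[0].split("\n##", 1)[0]
        found[m.group(1)] = "required: true" in tail
    return found


def declared_capabilities(skill_md):
    """Any skill that reads mail needs email:read; mutating commands add more."""
    caps = {"email:read"}
    for line in skill_md.splitlines():
        row = COMMAND_ROW.match(line)
        if row and row.group(1) in MUTATING_TO_CAP:
            caps.add(MUTATING_TO_CAP[row.group(1)])
    return caps


def compare(skill_md, registry):
    """Return human-readable findings; an empty list means metadata is consistent."""
    env = declared_env_vars(skill_md)
    caps = declared_capabilities(skill_md)
    surfaced = set(registry["required_env_vars"]) | set(registry["env_var_declarations"])
    findings = []
    for name, required in env.items():
        if name not in surfaced:
            kind = "credential" if SECRET_HINT.search(name) else "env var"
            prefix = "required " if required else ""
            findings.append(f"{prefix}{kind} {name} declared in SKILL.md but missing from registry metadata")
    if registry["primary_credential"] is None and any(SECRET_HINT.search(n) for n in env):
        findings.append("registry lists no primary credential although SKILL.md declares a secret")
    missing_caps = sorted(caps - set(registry["capabilities"]))
    if missing_caps:
        findings.append("capabilities not surfaced: " + ", ".join(missing_caps))
    return findings


if __name__ == "__main__":
    for f in compare(SKILL_MD, REGISTRY):
        print("-", f)
```

Against the constructed inputs this reports the missing FASTMAIL_TOKEN declaration, the absent primary credential, and the unsurfaced `email:write` and `email:send` capabilities; once the registry record declares all three, the check returns nothing.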
