Gmail Lead Monitor
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly coherent, but its code appears to send a Telegram alert for every unseen Gmail message, not just for keyword-matching leads, which can expose more email content than users may expect.
Install only if you are comfortable giving the script Gmail IMAP access and sending email details to Telegram. Before running it continuously, adjust the code or confirm that you want alerts for every unseen email, not just keyword-matching leads, and protect the local config file that contains credentials.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or unrelated emails may be forwarded to Telegram even when they do not match the configured lead keywords.
The code appends every fetched unseen email to new_emails and later sends a Telegram alert for each one. This is broader than the registry/SKILL description of monitoring emails matching keywords or important lead emails.
new_emails.append({
    ...
    "important": important,
    "keyword": keyword,
})
...
for e in new_emails:
    ...
    ok = send_telegram(token, chat_id, msg)
Change the code to send Telegram alerts only when important is true, or clearly disclose that all unseen emails will be alerted and provide a config option to restrict alerts to keyword matches.
Telegram and the configured chat can receive sensitive email metadata and snippets from non-lead messages.
The skill sends email-derived alert text to Telegram, including sender, subject, and body snippet. Because the alert loop is not limited to keyword-matching messages, the external data flow is broader than users may expect.
url = f"https://api.telegram.org/bot{token}/sendMessage"
...
payload = json.dumps({
    "chat_id": chat_id,
    "text": message,
    "parse_mode": "HTML"
})
Limit outbound Telegram messages to user-approved or keyword-matching emails, document exactly what email fields are sent, and consider redacting snippets by default.
Anyone who can read the config file may be able to access the Gmail IMAP account or send messages through the Telegram bot.
The skill requires a Gmail app password and Telegram bot token in a local config file. This is expected for the integration, but these are sensitive credentials and the registry metadata does not declare a primary credential.
"email": "you@gmail.com",
"app_password": "xxxx xxxx xxxx xxxx",
"telegram_token": "your_bot_token",
"telegram_chat_id": "your_chat_id"
Store the config file with restrictive permissions, use a dedicated Gmail app password and Telegram bot, and revoke the credentials when no longer needed.
If left running, the monitor will continue accessing Gmail and sending alerts on its schedule.
The documentation shows user-directed long-running and cron-based monitoring. This is purpose-aligned, but it means the skill can keep checking Gmail and sending Telegram alerts after setup.
# Run in daemon mode (default interval from config)
python3 gmail_monitor.py
# Run via cron every 5 minutes
*/5 * * * * python3 /path/to/gmail_monitor.py --once >> /tmp/gmail_monitor.log 2>&1
Run persistent mode only if you want continuous monitoring, and remove the cron entry or stop the process when monitoring is no longer needed.
Messages may be starred automatically based on broad or accidental keyword matches.
The skill automatically modifies Gmail message state by adding the starred/flagged marker when a keyword match is found. This is disclosed and purpose-aligned, but it is still an account mutation.
if important:
    try:
        mail.store(eid, "+FLAGS", "\\Flagged")
Review the keyword list carefully and test with --once before running persistently.
