v1.0.0

Gmail Lead Monitor

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:04 AM.

Analysis

Review before installing: it asks for Gmail and Telegram credentials and the script appears to forward snippets of every unread email to Telegram, not just keyword-matching leads.

Guidance: Install only if you are comfortable with a script continuously reading your Gmail inbox, sending email snippets to Telegram, and starring messages. If you only want lead or keyword-match alerts, modify or verify the code before use, protect the local config file, and run it once manually before enabling daemon or cron mode.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
gmail_monitor.py
if important: ... mail.store(eid, "+FLAGS", "\\Flagged")

The script automatically changes Gmail message state by starring messages that match configured keywords. This is disclosed, but it is still account mutation authority.

User impact: Incorrect or broad keywords could cause unwanted Gmail messages to be starred.
Recommendation: Review the keyword list and run with `--once` first to confirm behavior before using daemon or cron mode.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
# Run in daemon mode (default interval from config) ... python3 gmail_monitor.py ... # Run via cron every 5 minutes

The skill supports continuous background monitoring through a daemon process or cron job. This is user-directed and aligned with monitoring, but it creates ongoing mailbox access.

User impact: The monitor can continue reading Gmail and sending Telegram alerts until the process or cron entry is stopped.
Recommendation: Keep track of any cron job or background process you create, and remove it when the monitoring task is no longer needed.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
"app_password": "xxxx xxxx xxxx xxxx", "telegram_token": "your_bot_token", "telegram_chat_id": "your_chat_id"

The skill requires a Gmail app password and Telegram bot token in a local config file, even though the registry metadata declares no primary credential or required environment variables.

User impact: The configured credentials let the script access the Gmail inbox, send Telegram messages through the bot, and modify Gmail flags.
Recommendation: Use a dedicated Gmail app password and Telegram bot/chat, protect the config file permissions, and revoke the credentials if you stop using the skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: High | Confidence: High | Status: Concern
gmail_monitor.py
status, data = mail.search(None, "UNSEEN") ... new_emails.append({ ... "important": important ... }) ... for e in new_emails: ... ok = send_telegram(token, chat_id, msg)

The code collects every unseen email, records whether it matched keywords, and then sends each collected email to Telegram. That is broader than the keyword-focused/important-email alerting described for the skill.

User impact: Private, non-lead emails may have their sender, subject, timestamp, and body snippet sent to Telegram on an ongoing basis.
Recommendation: Only install if all-new-email Telegram forwarding is acceptable. Otherwise change the script to send Telegram alerts only when `important` is true, or use a dedicated mailbox/chat for this monitor.