Skill v1.0.1
ClawScan security
Email Digest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 8:07 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions match its stated purpose (local email categorization/digest) and it does not request extra credentials, network access, or unusual installs.
- Guidance: This skill appears coherent and low-risk: it expects your agent to fetch emails and pass them in, and it performs only local string-based classification. Before installing or enabling, confirm that the agent/component that fetches your emails handles credentials securely (OAuth tokens, IMAP passwords) and that you review which email fields you pass in (avoid sending full mailbox backups to any third party). Also note the simple wildcard and substring matching may misclassify messages; test with sample data and tune priority/ignore lists as needed.
Review Dimensions
- Purpose & Capability: ok. Name/description request an email digest; the package contains a simple EmailDigest class that accepts an array of pre-fetched emails and produces categorized output. There are no unrelated credentials, binaries, or install steps required.
- Instruction Scope: ok. SKILL.md instructs the agent to pass pre-fetched emails (from himalaya, platform connectors, or any pipeline). The instructions explicitly say processing is local and the code does not perform network calls, read unexpected system paths, or reference environment variables beyond the provided options.
- Install Mechanism: ok. No install spec is present (instruction-only + source file included). No downloads or third-party installers are invoked; risk from install mechanism is minimal.
- Credentials: ok. The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a local email summarizer which expects the caller to supply fetched email objects.
- Persistence & Privilege: ok. Skill is not always-enabled and is user-invocable; autonomous invocation is allowed (default) but there are no elevated privileges, no self-modifying behavior, and it does not touch other skills or global agent settings.
