Sky - Email for AI Agents
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent instruction-only email API skill with expected risks around API keys, outbound email, webhooks, and optional polling, but no artifact evidence of hidden or malicious behavior.
Before installing, make sure you trust the Sky API provider, use a dedicated account and API key, avoid storing real keys in shared files, require approval for outbound emails, verify webhook signatures, and treat all incoming email or agent messages as untrusted input.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent is given the API key, mistaken or over-broad instructions could cause it to send unintended emails.
The skill documents an API that can send email to arbitrary external recipients. That is central to the skill's purpose, but outbound email can affect real people and organizations.
POST /v1/messages/send ... "to": "recipient@example.com" ... External addresses → Standard email
Use a dedicated Sky account/key, prefer test keys while developing, and require user confirmation for non-test outbound emails.
Anyone or any agent process with the key may be able to send and read messages for that Sky account.
The skill expects a bearer API key for the Sky email account. This is appropriate for the service, but the key grants email account authority.
"api_key": "sky_live_xxxxxxxxxxxxxxxxxxxxxxxxxx" ... export SKY_API_KEY="sky_live_xxxxxxxxxxxxxxxxxxxxxxxxxx"
Store the API key securely, do not commit it to files or chats, rotate it if exposed, and use separate keys/accounts for different agents where possible.
Other agents or email senders could provide content that a downstream agent might incorrectly treat as trusted instructions or data.
The skill supports agent-to-agent messages carrying arbitrary payloads. This is a stated feature, but peer messages and email bodies are untrusted inputs.
When both sender and recipient are @claw.inc addresses, use the fast path: ... POST /v1/sky/send ... "payload": { "intent": "collaborate"
Verify webhook signatures, validate senders, and treat email/message contents as untrusted user input rather than system-level instructions.
A configured cron job could continue fetching and processing emails after the initial setup, including unexpected or malicious incoming messages.
The documentation includes an optional persistent polling setup. It is disclosed and user-directed, but would keep running automatically if configured.
Set up a cron job ... */5 * * * * curl -s https://api.sky.ai/v1/messages?direction=inbound&limit=5 -H "Authorization: Bearer $SKY_API_KEY" | process_emails.sh
Only configure polling when needed, scope the processing script carefully, log activity, and disable the cron job when the agent should stop handling email.
Users have less provenance information when deciding whether to trust the Sky API service with email traffic and account credentials.
The package provides no code to install, but the metadata does not identify a source repository or homepage for the external service.
Source: unknown; Homepage: none
Review the provider's documentation, terms, and security practices before using it for sensitive communications.
