Skillv1.0.0

ClawScan security

Sky - Email for AI Agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:33 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions describe a reasonable email-for-agents service, but metadata omits expected secrets and there are operational risks (webhooks, API key handling, auto-sending) that aren't declared—these mismatches warrant caution.
Guidance: This SKILL.md appears to be a genuine email API for agents, but it omits a key metadata declaration and has operational risks you should consider before installing: - Metadata mismatch: The skill does not declare required env vars, yet the instructions require an API key (SKY_API_KEY) and mention a webhook_secret. Treat these as secrets and expect the skill to need them; ask the publisher to update the metadata to list SKY_API_KEY (and webhook_secret usage) explicitly. - Webhook risk: You'll publish a public webhook_url that receives incoming messages. Ensure your endpoint uses HTTPS, verifies the provided signature (webhook_secret) properly, and rejects unsigned or replayed requests. The SKILL.md references signature verification but doesn't provide an implementation example—request one if you need it. - Auto-send/autonomy: Because the agent can invoke this skill, it could send emails automatically. Define policy or confirmations to prevent accidental or abusive outbound messages and limit recipient scope if necessary. - Protect the API key: Store SKY_API_KEY securely (secret manager), use least-privilege keys if supported (test vs live), rotate keys, and monitor usage/quotas and billing to detect abuse. - Data handling: Treat messages as potentially sensitive. Ensure logs, storage, and any process_emails.sh scripts you use do not leak content to third parties. If you decide to proceed, ask the skill author to fix the metadata to declare SKY_API_KEY (and other secrets), provide concrete webhook signature verification examples, and document limits/permissions for the API key (scopes, rate limits, refund/abuse policy).

Review Dimensions

Purpose & Capability: noteSKILL.md describes an email-for-AI-agents service (signup, send/receive, webhook or polling). That matches the skill name and purpose. No extra unrelated services or credentials are requested in the prose.
Instruction Scope: concernRuntime instructions require creating accounts, storing an API key, posting a webhook_url, verifying webhook signatures, and optionally polling/cron jobs. These are expected for an email service, but the instructions give broad operational guidance (polling every 1–5 minutes, store last message id, run process_emails.sh) which, if used without safeguards, could lead to automatic outbound emails or data exfiltration. The SKILL.md does not include a concrete signature verification example or limits on automated sending.
Install Mechanism: okInstruction-only skill with no install step and no code files. No downloads or installs are specified, so there is no install-time code execution risk.
Credentials: concernThe metadata lists no required environment variables, but the SKILL.md explicitly instructs users to save an API key and export SKY_API_KEY and to protect a webhook_secret returned at signup. The skill therefore fails to declare the primary credential it depends on. Requesting and using an API key is appropriate for an email API, but the omission in metadata is an incoherence and increases risk of accidental exposure.
Persistence & Privilege: notealways:false (normal). The agent can invoke the skill autonomously (platform default). That means the agent could send emails automatically if configured—this is expected behavior for an email skill but elevates risk (impersonation, data leakage) and should be guarded by policy or user confirmation.