ClawHub

Sendgrid Skills

v1.2.2

SendGrid email platform integration for sending and receiving emails. Routes to sub-skills for outbound transactional emails (send-email) and receiving via I...

3· 1.9k·1 current·1 all-time
byVince Lozada@vince-winkintel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (SendGrid send/receive) match the declared requirements: SENDGRID_API_KEY and binaries curl, jq, node. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and included scripts instruct the agent to run local helper scripts that send mail via the SendGrid API and validate inbound webhook/DNS configuration. The scripts accept file paths and webhook URLs and will make network requests (SendGrid API and optional webhook testing). The scripts include input validation (file-extension checks, directory-traversal checks, hostname/url regexes) and the README warns to review scripts before running.
Install Mechanism
Instruction-only skill (no install spec). Scripts are bundled in the repo and will not download arbitrary code; no remote installs or URLs are used. This is the lowest-risk install pattern.
Credentials
Only SENDGRID_API_KEY is required (SENDGRID_FROM is optional). That matches the skill purpose. The skill even recommends scoping the key to Mail Send permissions.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and is user-invocable. Autonomous invocation is allowed (platform default) but not combined with other privilege escalations.
Assessment
This package appears coherent for integrating with SendGrid, but review and follow these precautions before installing or running anything: 1) Inspect the included scripts (they're present in the bundle) before executing them; they will read files you point them at and make network requests (to SendGrid and optional webhook URLs). 2) Use an API key with least privilege (Mail Send only) and avoid using long-lived high-privilege keys in shared environments. 3) When verifying inbound webhooks, test against non-production endpoints first — the verify script will POST to whatever HTTPS webhook URL you provide (it has URL validation but still contacts external hosts). 4) Prefer using a dedicated subdomain and verified sender identities when sending/receiving emails. 5) If you plan to allow the agent to invoke this skill autonomously, be comfortable with the agent having the ability to call these scripts and send requests using your SENDGRID_API_KEY; otherwise keep invocation manual. If you want additional assurance, run the scripts in an isolated/test environment and rotate the API key after verification.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ybcvzc90wsjry5j7kstvkx81wdfr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, jq, node
EnvSENDGRID_API_KEY

Comments