Sog

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: sogcli
Version: 0.3.0

The skill bundle is classified as suspicious due to the `sog idle --exec` command in `internal/cli/idle.go`. This command allows the execution of arbitrary shell commands upon receiving new mail, which is a powerful and potentially risky capability. While explicitly documented in `SKILL.md` and `README.md` as an intended feature for automation, it could be abused by a malicious prompt to the AI agent to execute harmful payloads. There is no clear evidence of intentional malicious behavior within the provided code or documentation, but the capability itself presents a significant risk.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could send email, change calendars/contacts/tasks, or delete remote files on the configured account.

Why it was flagged

The skill exposes commands that can send messages and mutate or delete remote account data. This matches the stated CLI purpose, but these operations can have real user impact if invoked without clear user intent.

Skill content

sog mail send ...; sog mail delete <uid>; sog cal delete <uid>; sog contacts delete <uid>; sog drive delete <path>

Recommendation

Use it only for accounts you intend the agent to manage, and require explicit user confirmation before sending, deleting, moving, uploading, or bulk-changing data.

What this means

Anyone or any agent able to use the configured `sog` account can read and modify mail, calendars, contacts, tasks, and WebDAV files allowed by those credentials.

Why it was flagged

The skill stores and uses provider account passwords across several protocols. This is expected for IMAP/SMTP/DAV access, but it grants broad delegated access to the user's account data.

Skill content

--password       Password (stored in keychain); sog auth password <email> --imap, --smtp, --caldav, --carddav, --webdav

Recommendation

Prefer provider app-specific passwords with the narrowest available scope, protect the local keychain/config, and remove accounts when no longer needed.

What this means

Using `--insecure` or `--no-tls` could weaken protection for account login and data transfer.

Why it was flagged

The CLI supports optional insecure transport modes. They are not default, but if used they could expose account credentials or data to network interception.

Skill content

Insecure bool `help:"Skip TLS certificate verification"`; NoTLS bool `help:"Disable TLS (plain text connection)" name:"no-tls"`

Recommendation

Avoid these flags unless connecting to a trusted test server; use normal TLS for real accounts.

What this means

A later install may fetch a different version than the one reviewed here.

Why it was flagged

Installing with `@latest` is common for Go tools, but it is unpinned, so future upstream changes could differ from the reviewed artifact version.

Skill content

go | package: github.com/visionik/sogcli/cmd/sog@latest | creates binaries: sog

Recommendation

Pin to a trusted tag or commit when reproducibility matters, and install from the expected GitHub repository.