Email IMAP/SMTP
Review
Audited by ClawScan on May 1, 2026.
Overview
The skill is a coherent email automation helper, but it necessarily handles mailbox credentials and can read and send email, so users should review permissions and approve sends carefully.
This appears to be a legitimate IMAP/SMTP email helper, but it will handle sensitive mailbox credentials and can read and send email. Use app-specific passwords or scoped OAuth where possible, verify any custom mail or token endpoints, avoid exposing secrets in chat or logs, and require explicit confirmation before sending messages or attachments.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with these credentials may be able to access email and send messages as the user, depending on provider permissions.
The skill requires credentials or OAuth material that can grant access to the user's mailbox. This is expected for an IMAP/SMTP skill, but it is sensitive delegated account authority.
Authentication:
- Password mode: app password / authorization code
- OAuth2 mode: access token, or refresh token + client info
Use app-specific passwords or narrowly scoped OAuth tokens where possible, avoid sharing account passwords, and revoke tokens/passwords when no longer needed.
Granting these scopes may allow the skill to read mail and send messages through the connected account.
The documented OAuth scopes allow broad mailbox read/send access for supported providers. These scopes are consistent with IMAP/SMTP workflows, but they are powerful.
`gmail`: `https://mail.google.com/` ... `outlook`: `offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send`
Only authorize accounts you intend to automate, review the provider consent screen, and prefer limited or app-specific credentials when available.
A mistaken recipient, subject, body, or attachment could send private or incorrect information externally.
The skill exposes an outbound email-sending operation, including attachments. This is directly aligned with the email automation purpose but can affect other people and external systems.
`send`: Send an email with optional HTML and attachments.
Require a final user confirmation of recipients, subject, body, and attachments before sending any email.
The agent may treat previewing as sufficient and proceed unless the user has clearly required explicit approval.
The instructions include a preview step before sending, which is a useful safeguard, but they do not explicitly require the user to approve the preview before delivery.
Send email only after previewing key fields (to/subject/body/attachments).
Before installation or use, set an expectation that the agent must ask for confirmation after preview and before invoking the send command.
If a wrong or untrusted token endpoint is configured, OAuth credentials could be sent to the wrong service.
The script can send OAuth refresh-token requests to a provider preset or a user-supplied token endpoint. This flexibility is useful for custom providers but means endpoint choice controls where OAuth secrets are submitted.
`token_endpoint = args.token_endpoint or os.getenv("EMAIL_TOKEN_ENDPOINT") or oauth_defaults.get("token_endpoint")`
Use provider presets when possible, verify custom token endpoints carefully, and do not paste refresh tokens or client secrets into untrusted configurations.
Users have less external provenance information to rely on when deciding whether to trust a credential-handling skill.
The package provenance is not documented in the supplied metadata. This is not suspicious by itself, but users should notice it because the skill handles mailbox credentials.
Source: unknown; Homepage: none
Install only if you trust the registry/package source, and inspect the included script before using real mailbox credentials.
