Skill v0.1.0
ClawScan security
Email IMAP/SMTP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 5:50 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions align with its stated purpose of IMAP/SMTP email operations; it legitimately needs email passwords or OAuth2 tokens, and there are no obvious mismatches or hidden endpoints.
- Guidance: This skill appears to be what it claims: a local Python tool for IMAP/SMTP with support for password or OAuth2. Before installing or running it: (1) review scripts/email_ops.py yourself (it will talk to mail servers and OAuth token endpoints); (2) provide only least-privilege credentials — prefer app passwords or an OAuth client with minimal scopes and a refresh token you can revoke; (3) do not paste production account passwords or long-lived secrets into public repos; (4) run in an environment you control (or use throwaway/test accounts) if you are unsure; and (5) note the registry metadata omission — the SKILL.md reads many EMAIL_* env vars, so expect to supply those when using the skill.
Review Dimensions
- Purpose & Capability (note): The name/description (IMAP/SMTP mailbox access) matches the included script and SKILL.md, which require IMAP/SMTP host info and either password or OAuth2 credentials. One inconsistency: registry metadata lists no required env vars or primary credential, while SKILL.md and the script explicitly read many EMAIL_* environment variables (credentials and endpoints). This is likely an omission in registry metadata but worth noting.
- Instruction Scope (ok): SKILL.md confines actions to mailbox operations (connect, list/search/read/send, build auth URL, refresh token). It explicitly tells the agent to load credentials from env vars and avoid printing secrets. There are no instructions to read unrelated system files, other skills' configs, or to send data to arbitrary external hosts beyond standard OAuth/token endpoints and mail servers.
- Install Mechanism (ok): No install spec (instruction-only), and the included Python script runs locally. No downloads or external installers are involved, so installation risk is low. The presence of a code file is expected for this kind of skill.
- Credentials (note): The skill requests many sensitive environment variables (email address, app password or client secret/refresh token/access token). Those are proportionate to performing IMAP/SMTP and OAuth flows. However, the registry metadata does not declare these env vars, creating a transparency gap the user should be aware of.
- Persistence & Privilege (ok): The skill is not forced-always and does not request system-wide config changes. It does not claim or appear to modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
