IMAP SMTP Email
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate IMAP/SMTP email tool, but it can read and send email using your account, so outgoing messages and credentials deserve careful handling.
Before installing, make sure you trust the skill enough to give it email app passwords or authorization codes. Use the narrowest credentials your provider supports, keep the .env file private, set ALLOWED_READ_DIRS and ALLOWED_WRITE_DIRS narrowly, and require confirmation before the agent sends or attaches anything.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent process able to use these credentials through the skill can read mailbox content and send email as the configured account.
The skill requires credentials that allow access to the user's mailbox and SMTP sending account. This is necessary for the stated purpose, but it grants meaningful account authority.
    requires:
      env:
        - IMAP_HOST
        - IMAP_USER
        - IMAP_PASS
        - SMTP_HOST
        - SMTP_USER
        - SMTP_PASS
Use provider app passwords or authorization codes where possible, avoid reusing your main account password, and revoke the credentials if you stop using the skill.
A mistaken or over-trusted agent action could send an unwanted message or attachment from the user's email account.
When the send command is invoked, the code directly sends an email using the provided recipient, subject, body, and attachments. This matches the skill's purpose but is a high-impact action.
    const info = await transporter.sendMail(mailOptions);
Require explicit user confirmation for recipients, subject, body, and attachments before allowing the agent to send email.
Sensitive email contents may enter the agent context, and malicious email text could try to influence the agent's next actions.
Fetched email text and HTML are returned to the agent. Email content is untrusted external input and may contain sensitive data or instructions aimed at the agent.
    return {
      from: parsed.from?.text || 'Unknown',
      to: parsed.to?.text,
      subject: parsed.subject || '(no subject)',
      date: parsed.date,
      text: parsed.text,
      html: parsed.html,
Treat email content as untrusted; do not let the agent follow instructions found inside emails unless the user confirms them.
A compromised or unexpected dependency version could affect a credential-handling email tool.
The documented npm install will fetch third-party packages using semver ranges. This is normal for a Node email tool, but dependency provenance matters because the skill handles email credentials.
    "dependencies": {
      "dotenv": "^16.6.1",
      "imap": "^0.8.19",
      "imap-simple": "^5.1.0",
      "mailparser": "^3.9.3",
      "nodemailer": "^7.0.13"
    }
Install from a trusted npm registry, consider using a lockfile or pinned versions, and review dependency changes before updating.
