IMAP SMTP Email
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: welderjustin-imap-smtp-email
Version: 0.0.11
The skill bundle provides legitimate functionality for managing emails via IMAP and SMTP protocols. It includes robust security features such as path whitelisting for file operations (ALLOWED_READ_DIRS and ALLOWED_WRITE_DIRS) and proper credential handling via a setup script that restricts file permissions. No evidence of malicious intent, data exfiltration, or prompt injection was found in scripts/imap.js, scripts/smtp.js, or SKILL.md.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent process able to use these credentials through the skill can read mailbox content and send email as the configured account.
The skill requires credentials that allow access to the user's mailbox and SMTP sending account. This is necessary for the stated purpose, but it grants meaningful account authority.
    requires:
      env:
        - IMAP_HOST
        - IMAP_USER
        - IMAP_PASS
        - SMTP_HOST
        - SMTP_USER
        - SMTP_PASS
Use provider app passwords or authorization codes where possible, avoid reusing your main account password, and revoke the credentials if you stop using the skill.
A mistaken or over-trusted agent action could send an unwanted message or attachment from the user's email account.
When the send command is invoked, the code directly sends an email using the provided recipient, subject, body, and attachments. This matches the skill's purpose but is a high-impact action.
const info = await transporter.sendMail(mailOptions);
Require explicit user confirmation for recipients, subject, body, and attachments before allowing the agent to send email.
Sensitive email contents may enter the agent context, and malicious email text could try to influence the agent's next actions.
Fetched email text and HTML are returned to the agent. Email content is untrusted external input and may contain sensitive data or instructions aimed at the agent.
    return {
      from: parsed.from?.text || 'Unknown',
      to: parsed.to?.text,
      subject: parsed.subject || '(no subject)',
      date: parsed.date,
      text: parsed.text,
      html: parsed.html,
Treat email content as untrusted; do not let the agent follow instructions found inside emails unless the user confirms them.
A compromised or unexpected dependency version could affect a credential-handling email tool.
The documented npm install will fetch third-party packages using semver ranges. This is normal for a Node email tool, but dependency provenance matters because the skill handles email credentials.
    "dependencies": {
      "dotenv": "^16.6.1",
      "imap": "^0.8.19",
      "imap-simple": "^5.1.0",
      "mailparser": "^3.9.3",
      "nodemailer": "^7.0.13"
    }
Install from a trusted npm registry, consider using a lockfile or pinned versions, and review dependency changes before updating.
