v1.0.0

Skill Mail Sender

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:17 AM.

Analysis

This appears to be a real mail-sending skill, but it deserves review because it can use SMTP credentials to send or bulk-send emails from the user’s account without documented confirmation safeguards.

Guidance: Install only if you are comfortable giving the skill access to send mail from the configured account. Use an app-specific mail authorization code, protect the config file, and require manual review of recipients and message content before any email—especially bulk or scheduled messages—is sent.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Send emails to multiple recipients in batch ... result = send_mail(... receivers='user1@example.com,user2@example.com') ... use the default recipients

The skill supports sending external emails to multiple or default recipients, but the artifacts do not define a confirmation, allowlist, rate limit, or review step before sending.

User impact: A mistaken or over-broad agent invocation could send unintended messages from the user’s email account, including to multiple recipients.
Recommendation: Require explicit user approval of subject, body, sender, and recipients before every send; avoid autonomous bulk sending unless recipients are allowlisted and rate-limited.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
requirements.txt
requests>=2.28.0
markdown>=3.4.0

The dependency versions are not pinned exactly. This is common and largely purpose-aligned, especially for Markdown conversion, but it means future installs may resolve different package versions.

User impact: Dependency behavior may vary over time depending on which package versions pip installs.
Recommendation: Install in a controlled environment and consider pinning exact dependency versions if reproducibility matters.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/mail_sender.py
self._sender_password = os.getenv('MAIL_SENDER_PASSWORD') ... if not self._sender_password: raise ConfigError

The code reads and requires an SMTP password or authorization code. This is expected for an email-sending skill, but it grants authority to act as the configured mailbox.

User impact: Anyone, or any agent flow, that can invoke the skill with this configuration may be able to send mail using the configured account.
Recommendation: Use an app-specific SMTP authorization code, not the mailbox login password; restrict the account’s permissions where possible and keep the config file private.