email-skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s email-sending purpose is clear, but it publishes a live SMTP password that lets anyone with the skill send mail as the listed account.
Do not install this as-is unless you own and intend to share the listed SMTP account. The exposed email authorization code should be rotated and replaced with a user-specific secret, and the agent should confirm recipient, subject, body, and sender before every email is sent.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The account could be used to send unwanted or unauthorized email, harming the sender account’s reputation and creating accountability issues for users who install the skill.
The artifact embeds a live SMTP authorization code for a real sender account, giving account-level sending authority to anyone who can read or copy the skill.
Evidence from the artifact: Account (From / login user): `validates@yeah.net` ... Client authorization code (SMTP password): `LWyx439…U68u` ... Anyone with read access ... can send mail as `validates@yeah.net`.
Rotate the exposed SMTP authorization code, remove it from SKILL.md, and require each user to provide their own credential through a secret store or environment variable with clear scope and ownership.
If invoked incorrectly, the agent could send mistaken, unwanted, or sensitive messages from the configured account.
The instructions enable the agent to send arbitrary email content to arbitrary recipients. This matches the skill purpose, but sending email is an externally visible action that lacks an explicit confirmation or allowlist in the artifact.
Flow the agent should follow: 1. Write the file ... 2. Run: `python3 /tmp/send_email.py "recipient@domain" "Subject line" "Plain text body"`
Require an explicit user confirmation that previews the recipient, subject, body, and sender before every send, and consider recipient/domain restrictions or rate limits.
The generated script may remain on disk and contains the SMTP credential, so local readers of that file could reuse the account.
The skill’s execution model is disclosed and purpose-aligned, but it depends on generating and running a local script rather than shipping reviewed code.
The agent writes a standalone Python file (for example `/tmp/send_email.py`), runs `python3 /tmp/send_email.py …`, and relies on the standard library only.
Prefer a reviewed helper that reads credentials from a secret source, or create the temporary script with restrictive permissions and delete it immediately after use.
