ClawHub

PO6 Mailbox

v1.0.0

Manage PO6 email aliases, mailbox, and landing pages via the PO6 MCP server. Use when the user wants to read, send, search, compose, reply, or forward emails...

0· 92·0 current·0 all-time
byWinston T@winstein
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, available tools, and required credential (PO6_API_KEY) are consistent: the skill talks to PO6's MCP server and needs a PO6 API key. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md and README instruct you to export PO6_API_KEY and add an MCP server entry to ~/.openclaw/openclaw.json (or run scripts/setup.sh). The actions (reading an env var, editing your OpenClaw config, testing a discovery endpoint) are within the scope of integrating an external mailbox service. Note: the setup script will modify ~/.openclaw/openclaw.json — review changes before restarting OpenClaw.
Install Mechanism
No remote downloads or package installs; the skill is instruction-only with an included setup script. No high-risk install steps or external arbitrary-code fetches are present.
Credentials
Only a single credential (PO6_API_KEY) is required and is explained in the docs. The skill doesn't request unrelated secrets or system config paths. The README and SKILL.md recommend using minimal scopes and read-only keys when possible.
Persistence & Privilege
always:false and user-invocable:true. The setup script writes/merges an MCP server entry into your OpenClaw config (~/.openclaw/openclaw.json) which is the expected way to register the service; the skill does not request elevated system privileges or modify other skills' configs.
Assessment
This skill appears coherent and limited to the PO6 mailbox integration. Before installing: 1) Review scripts/setup.sh so you understand it will add an MCP server entry to ~/.openclaw/openclaw.json; the script writes the header as "Authorization": "Bearer ${PO6_API_KEY}" (it stores the variable reference, not your raw key). 2) Prefer creating an API key scoped to the minimum permissions you need (start read-only) and enable expiration or IP allowlists if available. 3) If you edit the OpenClaw config manually, avoid pasting the raw key into the file unless you understand the security implications (storing the key in a config file may expose it to other processes/users). 4) Confirm the domain (mcp.po6.com) and the PO6 documentation links match what you expect. If you want extra caution, run the setup script in a terminal and inspect ~/.openclaw/openclaw.json before restarting OpenClaw.

Like a lobster shell, security has layers — review code before you run it.

latestvk973w9vnr0h380sek2z7y7kp258341a0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📨 Clawdis
EnvPO6_API_KEY
Primary envPO6_API_KEY

Comments