Fastmail
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This looks like a real Fastmail email/calendar tool, but it needs review because it can use full account credentials to read, send, delete, and bulk-change mail/calendar data while its metadata and install/provenance details are underdeclared.
Install only if you are comfortable giving this skill substantial Fastmail access. Before use, verify the package source, investigate the bundled-secret finding, keep credentials out of git, and require manual confirmation before any send, reply-all, delete, bulk, RSVP, or calendar-changing action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or local environment is misused, the same credentials could read, send, organize, or delete Fastmail data.
The skill requires account-level Fastmail credentials for email/calendar operations. That is purpose-aligned, but the access is high impact and not scoped in the artifacts.
⚠️ Tokens have full account access - keep them secret!
Use a dedicated Fastmail token/app password with the least permissions available, store it securely, and rotate it if exposed.

A mistaken or over-broad agent action could send messages, delete/move many emails, or alter calendar events.
The skill exposes account-mutating and destructive actions, including bulk operations, but the instructions do not require confirmation or constrain when the agent may use them.
Bulk actions → `bulk_move_emails`, `bulk_set_labels`, `bulk_delete_emails` ... Modify → `update_event` ... Delete → `delete_event` ... Send/reply → `send_email` or `reply_email`
Require explicit user confirmation for send, reply-all, delete, bulk, RSVP, and calendar mutation actions.

A bundled secret or unexpected credential path could indicate unsafe credential handling or make it harder to understand what account authority is being used.
A hardcoded client_secret in the distributed bundle conflicts with the documented env-only credential handling. The provided excerpt is truncated, so its exact use is unclear.
Static scan at dist/cli.js:10614: client_secret: [REDACTED]
Inspect the bundled file, remove any real hardcoded secret, and publish a reproducible build or source map showing why this value is present.

Setup may download or execute dependency code outside the reviewed artifacts, which matters because the skill handles account credentials.
The skill relies on local package installation and a package runner, while the registry says there is no install spec and package.json uses dependency version ranges.
cd .opencode/skills/fastmail && bun install
bunx fastmail list_mailboxes
Pin dependencies with a lockfile, declare the install requirements in metadata, and verify bunx runs the local reviewed CLI.
