Fastmail

Advisory: Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent or local environment is misused, the same credentials could read, send, organize, or delete Fastmail data.

Why it was flagged

The skill requires account-level Fastmail credentials for email/calendar operations. That is purpose-aligned, but the access is high impact and not scoped in the artifacts.

Skill content

⚠️ Tokens have full account access - keep them secret!

Recommendation

Use a dedicated Fastmail token/app password with the least permissions available, store it securely, and rotate it if exposed.

What this means

A mistaken or over-broad agent action could send messages, delete/move many emails, or alter calendar events.

Why it was flagged

The skill exposes account-mutating and destructive actions, including bulk operations, but the instructions do not require confirmation or constrain when the agent may use them.

Skill content

Bulk actions → `bulk_move_emails`, `bulk_set_labels`, `bulk_delete_emails` ... Modify → `update_event` ... Delete → `delete_event` ... Send/reply → `send_email` or `reply_email`

Recommendation

Require explicit user confirmation for send, reply-all, delete, bulk, RSVP, and calendar mutation actions.

What this means

A bundled secret or unexpected credential path could indicate unsafe credential handling or make it harder to understand what account authority is being used.

Why it was flagged

A hardcoded client_secret in the distributed bundle conflicts with the documented env-only credential handling. The provided excerpt is truncated, so its exact use is unclear.

Skill content

Static scan at dist/cli.js:10614: client_secret: [REDACTED]

Recommendation

Inspect the bundled file, remove any real hardcoded secret, and publish a reproducible build or source map showing why this value is present.

What this means

Setup may download or execute dependency code outside the reviewed artifacts, which matters because the skill handles account credentials.

Why it was flagged

The skill relies on local package installation and a package runner, while the registry says there is no install spec and package.json uses dependency version ranges.

Skill content

cd .opencode/skills/fastmail && bun install

bunx fastmail list_mailboxes

Recommendation

Pin dependencies with a lockfile, declare the install requirements in metadata, and verify bunx runs the local reviewed CLI.

Findings (2)

Severity: critical

suspicious.env_credential_access

Location

dist/cli.js:1020

Finding

Environment variable access combined with network send.

Severity: critical

suspicious.exposed_secret_literal

Location

dist/cli.js:10614

Finding

File appears to expose a hardcoded API secret or token.