Fastmail
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: fastmail
Version: 1.0.1

This skill is classified as suspicious because of its broad permissions: it has full access to the user's Fastmail email and calendar, including the ability to read, send, move, and delete emails and to create, update, and delete calendar events. These capabilities are necessary for the skill's stated purpose, and there is no clear evidence of intentionally harmful behaviour (no data exfiltration to unauthorized endpoints, arbitrary command execution, or persistence mechanisms). The risk is inherent rather than malicious: if the agent that drives the skill were compromised or misused, the same access would let it read sensitive personal data and take irreversible actions such as sending mail. The `SKILL.md`, `README.md`, and `references/TOOLS.md` files contain no prompt injection attempts or suspicious instructions. The `cli.ts` entry point passes parsed arguments to internal TypeScript functions, and network communication is restricted to Fastmail's official JMAP and CalDAV APIs.
Findings (0)
The notes below are an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so runtime behaviour is not verified.
Impact: If the agent or the local environment is misused, the same credentials can read, send, organize, or delete Fastmail data.
Observation: The skill requires account-level Fastmail credentials for email and calendar operations. That is purpose-aligned, but the access is high impact and nothing in the artifacts scopes it down.
Evidence (SKILL.md): ⚠️ Tokens have full account access - keep them secret!
Recommendation: Use a dedicated Fastmail token or app password with the least permissions available, store it securely, and rotate it if it is exposed.
Impact: A mistaken or over-broad agent action could send messages, delete or move many emails, or alter calendar events.
Observation: The skill exposes account-mutating and destructive actions, including bulk operations, but the instructions neither require confirmation nor constrain when the agent may use them.
Evidence (SKILL.md): Bulk actions → `bulk_move_emails`, `bulk_set_labels`, `bulk_delete_emails` ... Modify → `update_event` ... Delete → `delete_event` ... Send/reply → `send_email` or `reply_email`
Recommendation: Require explicit user confirmation for send, reply-all, delete, bulk, RSVP, and calendar mutation actions.
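One way to enforce that recommendation is a small policy layer between the agent and the CLI that fails closed: read-only actions pass, everything that mutates or sends needs an explicit user confirmation, and bulk operations are additionally capped. The following is an added example, not code from the fastmail skill or from ClawScan. The action names are the ones listed in the SKILL.md excerpt above; the argument shapes (`ids`, `to`, `cc`, `bcc`), the `confirmed` flag and the bulk cap of 50 are assumptions for illustration.

```typescript
// Added example: a confirmation gate for the fastmail skill's actions.
// Action names come from the SKILL.md excerpt; argument shapes, the
// `confirmed` flag and MAX_BULK_IDS are assumptions for illustration.

type Tier = "read" | "mutate" | "destructive";

// Actions the agent may call, with the tier that decides how they are gated.
// Anything not listed here is treated as destructive (fail closed).
const ACTION_TIERS: Record<string, Tier> = {
  list_mailboxes: "read",
  send_email: "destructive",
  reply_email: "destructive",
  update_event: "mutate",
  delete_event: "destructive",
  bulk_move_emails: "mutate",
  bulk_set_labels: "mutate",
  bulk_delete_emails: "destructive",
};

const MAX_BULK_IDS = 50; // assumed upper bound for one bulk operation

interface ActionRequest {
  action: string;
  args: Record<string, unknown>;
  confirmed: boolean; // true only after the user approved this exact request
}

interface Decision {
  allowed: boolean;
  reason: string;
}

function tierOf(action: string): Tier {
  return ACTION_TIERS[action] ?? "destructive";
}

// Counts addressees across to/cc/bcc so multi-recipient (reply-all style)
// sends can be named explicitly in the decision.
function recipientCount(args: Record<string, unknown>): number {
  let n = 0;
  for (const field of ["to", "cc", "bcc"]) {
    const v = args[field];
    if (Array.isArray(v)) n += v.length;
    else if (typeof v === "string" && v.length > 0) n += 1;
  }
  return n;
}

function authorize(req: ActionRequest): Decision {
  const tier = tierOf(req.action);
  if (tier === "read") return { allowed: true, reason: "read-only action" };

  // Bulk operations must name the items they touch and stay under the cap,
  // even when the user has confirmed.
  if (/^bulk_/.test(req.action)) {
    const ids = req.args["ids"];
    if (!Array.isArray(ids) || ids.length === 0) {
      return { allowed: false, reason: "bulk action without an explicit id list" };
    }
    if (ids.length > MAX_BULK_IDS) {
      return {
        allowed: false,
        reason: `bulk action touches ${ids.length} items (limit ${MAX_BULK_IDS})`,
      };
    }
  }

  // Every mutating or destructive action is blocked until confirmed.
  if (!req.confirmed) {
    const what =
      recipientCount(req.args) > 1 ? "multi-recipient send" : `${tier} action ${req.action}`;
    return { allowed: false, reason: `${what} requires explicit user confirmation` };
  }
  return { allowed: true, reason: `${tier} action ${req.action} confirmed by user` };
}

// Stand-alone demonstration with constructed requests.
console.log(authorize({ action: "list_mailboxes", args: {}, confirmed: false }));
console.log(authorize({ action: "send_email", args: { to: ["a@example.com", "b@example.com"] }, confirmed: false }));
console.log(authorize({ action: "bulk_delete_emails", args: { ids: ["m1", "m2"] }, confirmed: true }));
```

The gate should wrap the CLI dispatch, not live in the prompt: instructions in SKILL.md can be overridden by whatever the agent reads, whereas a code-level check cannot. Treating unknown action names as destructive means a newly added CLI verb is blocked until someone classifies it.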
Impact: A bundled secret or an unexpected credential path can indicate unsafe credential handling and makes it harder to understand which account authority the skill actually uses.
Observation: A hardcoded `client_secret` in the distributed bundle conflicts with the documented env-only credential handling. The scan excerpt is truncated, so it is unclear whether the value is a live credential, a placeholder, or a default inlined from a bundled dependency.
Evidence: Static scan at dist/cli.js:10614: client_secret: [REDACTED]
Recommendation: Inspect the bundled file, remove any real hardcoded secret and rotate it if it is live, and publish a reproducible build or source map that shows why this value is present.
Impact: Setup may download or execute dependency code outside the reviewed artifacts, which matters because the skill handles account credentials.
Observation: The skill relies on local package installation and a package runner, while the registry says there is no install spec and package.json uses dependency version ranges. Without a committed lockfile, `bun install` resolves those ranges at install time, so the dependency code that runs may differ from what was reviewed.
Evidence (README.md):
cd .opencode/skills/fastmail && bun install
bunx fastmail list_mailboxes
Recommendation: Pin dependencies with a lockfile, declare the install requirements in metadata, and verify that `bunx fastmail` resolves to the locally installed, reviewed CLI rather than fetching a same-named package from the registry.
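Both the bundled-secret observation and the unpinned-dependency observation are checks a reviewer can rerun over the artifacts before approving a skill. The following added example (not ClawScan's scanner and not the skill's code) implements simplified versions of both over constructed sample input: a line scanner that reports credential-looking property names bound to string literals in a bundled JS file, and a package.json check that flags dependency specs which are ranges rather than exact versions. The sample bundle text, the sample manifest, the key list and the length threshold are all assumptions for illustration.

```typescript
// Added example: two artifact checks corresponding to the findings above.
// 1. scanForSecretLiterals  - credential-looking keys bound to string literals.
// 2. findUnpinnedDependencies - package.json specs that are not exact versions.
// Sample inputs are constructed; key names and thresholds are assumptions.

interface SecretHit {
  line: number;    // 1-based line number in the scanned file
  key: string;     // the credential-looking property name
  preview: string; // first 4 characters of the value, then "..."
}

// Property names that should never be bound to a literal in shipped code.
const SECRET_KEYS = ["client_secret", "api_token", "app_password", "password"];

// Matches  client_secret: "value"   client_secret = 'value'   "client_secret": "value"
// The value must be a quoted literal of at least 8 characters; a read such as
// process.env.CLIENT_SECRET is unquoted and therefore never matches.
const SECRET_RE = new RegExp(
  `["']?(${SECRET_KEYS.join("|")})["']?\\s*[:=]\\s*(["'])([^"']{8,})\\2`,
);

function scanForSecretLiterals(source: string): SecretHit[] {
  const hits: SecretHit[] = [];
  const lines = source.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const m = lines[i].match(SECRET_RE);
    if (m) {
      // Never echo the full value into a report; redact to a short preview.
      hits.push({ line: i + 1, key: m[1], preview: m[3].slice(0, 4) + "..." });
    }
  }
  return hits;
}

// Exact semver: major.minor.patch with optional prerelease/build suffix.
// Anything else (^, ~, >=, *, x-ranges, tags, URLs) is a floating spec.
const EXACT_VERSION_RE = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

interface PackageManifest {
  dependencies?: Record<string, string>;
  devDependencies?: Record<string, string>;
}

// Returns "name@spec" for every dependency not pinned to one exact version.
function findUnpinnedDependencies(pkg: PackageManifest): string[] {
  const unpinned: string[] = [];
  const sections = [pkg.dependencies, pkg.devDependencies];
  for (const deps of sections) {
    if (!deps) continue;
    for (const name in deps) {
      if (!EXACT_VERSION_RE.test(deps[name])) unpinned.push(`${name}@${deps[name]}`);
    }
  }
  return unpinned;
}

// Constructed sample resembling a bundled CLI: two env reads and one literal.
const SAMPLE_BUNDLE = [
  "const baseUrl = process.env.FASTMAIL_BASE_URL;",
  "const token = process.env.FASTMAIL_TOKEN;",
  'const oauth = { client_id: "cli-example", client_secret: "s3cr3tvalue-not-real" };',
  "export function listMailboxes() {}",
].join("\n");

// Constructed sample manifest with two range specs and one exact version.
const SAMPLE_PACKAGE: PackageManifest = {
  dependencies: { "jmap-client": "^1.2.0", ical: "1.0.3" },
  devDependencies: { typescript: "~5.4.0" },
};

function auditSampleBundle(): SecretHit[] {
  return scanForSecretLiterals(SAMPLE_BUNDLE);
}

function auditSamplePackage(): string[] {
  return findUnpinnedDependencies(SAMPLE_PACKAGE);
}

console.log(auditSampleBundle(), auditSamplePackage());
```

Exact versions in package.json only pin direct dependencies; transitive resolution still floats unless a lockfile (bun.lockb or bun.lock) is committed and installs use it, which is why the recommendation asks for the lockfile rather than tighter ranges. The secret scanner is deliberately narrow; it will miss a literal assembled at runtime, so a hit is evidence to inspect, and a clean run is not proof of absence.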
