ClawHub

Email Reply Reader

v0.1.0

Read and parse job application email replies from companies. Activate when user asks to check job application replies, read recruiter emails, see who respond...

0· 95·0 current·0 all-time
by@xiaoxty
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with what the SKILL.md does: it searches a Gmail inbox and classifies replies. The only required binary is 'gog', which is exactly what's used in the instructions to access Gmail. No unrelated env vars, config paths, or extra binaries are requested.
Instruction Scope
Instructions explicitly direct the agent to search inbox/sent mail and read full message bodies via 'gog'. This is expected for an email reader, but it means the skill will have access to full email text (sensitive PII). The SKILL.md does not instruct exfiltration or to post data to other endpoints, nor does it auto-send replies — it only offers templates and suggests drafting replies.
Install Mechanism
This is instruction-only with no install spec (lowest install risk). The user must already have the 'gog' binary; no downloads or archive extraction are specified by the skill itself.
Credentials
No environment variables or external credentials are declared. The skill expects the user to authenticate 'gog' with Gmail (via gog auth), which is proportionate to the claimed capability of reading Gmail.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. The default platform setting allows autonomous invocation, so if you permit the agent to call the skill automatically it could read inbox content when triggered — this is a sensitivity consideration but not an intrinsic incoherence in the skill.
Assessment
This skill will read your Gmail via the 'gog' CLI and classify recruiter replies. Before installing or invoking it: (1) verify the provenance and trustworthiness of the 'gog' binary you will use (official source, review permissions); (2) understand that authenticating will grant that tool access to your email content — consider using an account you control and trust; (3) confirm you are comfortable with the agent being allowed to invoke the skill autonomously (it could read emails when triggered); (4) the skill does not request unrelated secrets, but be cautious about sharing credentials outside of the vetted gog auth flow. If any of these are a concern, do not enable the skill or run the gog auth step until you validate gog's origin and permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk977amrjcn0g7qf891fhjthfbx832tbe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📬 Clawdis
Binsgog

Comments