Skill v0.1.0

ClawScan security

Generic Mail Client · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 3:21 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, config, and runtime instructions are consistent with a generic IMAP/POP3+SMTP mail client; nothing in the package indicates hidden exfiltration or unrelated capabilities, but you should protect the config file and be aware of privacy implications of returning message contents to the agent/LLM.
Guidance
This skill appears to do what it says: send and receive email via SMTP/IMAP using credentials stored in config.yaml. Before installing, consider the following:

- Protect config.yaml: it contains account usernames and plaintext passwords. Store it securely, restrict filesystem permissions, or use application-specific passwords rather than personal account passwords.
- Understand data flow: getMessage returns message body text (and could be extended to return attachments). If your agent/LLM invokes the handlers, email contents will be visible to that agent. Do not load personal/private inboxes unless you trust the host and agent.
- Rate limiting / abuse: SKILL.md mentions send limits, but the code does not implement rate limiting. Ensure your host enforces sending limits and monitors for abuse to avoid accidental spamming.
- Dependency review: the package uses common npm libraries (imapflow, nodemailer). If your environment enforces supply-chain policies, vet those packages and the lockfile source mirrors.
- Operational: the skill will throw an error if config.yaml is missing; follow the SKILL.md instructions to populate config.yaml on the host side.

If you want stronger safety, use robot/service accounts or app-specific passwords, keep the config in a secrets manager and inject it at runtime, and confirm which components (LLM, human UI, logs) will receive handler responses containing email bodies.

Review Dimensions

Purpose & Capability
ok · Name/description match the code: the implementation uses nodemailer for SMTP and imapflow for IMAP, supports multi-account config, attachments, listing and fetching messages, and marking/moving via IMAP. The required resources (a config.yaml with account credentials) are appropriate for the stated purpose.
Instruction Scope
note · SKILL.md instructs the host to store mail credentials in config.yaml (not exposed to the LLM). The code reads that file and exports handlers for send/list/get/update operations. The skill returns message bodies (m.source is returned as bodyText) and attachment metadata; that means email content can flow back through the handler responses to whichever component invokes the skill (including an LLM). The README's logging/privacy promises are host-side policy statements rather than enforced by code. There are no instructions or code that read other unrelated files or contact external endpoints beyond the configured mail servers.
Install Mechanism
ok · No install spec is declared (instruction-only from the platform's perspective), and all code is bundled in the package. Dependencies are standard npm packages (imapflow, nodemailer, js-yaml) and package-lock references npm mirrors; there are no downloads from arbitrary URLs or extraction steps in the manifest.
Credentials
note · No environment variables are requested; instead credentials are expected in config.yaml (username/password per account). That is proportionate for an email client, but storing plaintext credentials in a config file requires host-side protection (file permissions, secret storage, or app-specific passwords). The number and type of secrets requested is minimal and appropriate for the function.
Persistence & Privilege
ok · The skill is not always-enabled and does not request system-wide persistence or modify other skills. It exposes handlers for the platform to call; autonomous invocation is allowed by default but is not combined here with other elevated privileges.