Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
osascript-email
v1.0.0
Send automated plain-text emails on macOS via Mail.app using AppleScript without SMTP credentials, suitable for alerts and reports, not bulk or HTML emails.
by @yumik20
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, SKILL.md, and included send_email.py all align: this is an AppleScript/osascript-based helper for Mail.app on macOS. No unrelated credentials, binaries, or cloud APIs are requested.
Instruction Scope
Runtime instructions tell the agent to construct and run AppleScript via osascript and provide a Python helper that builds an AppleScript string with user-supplied subject/body/to/attachment_path. The skill instructs use of absolute file paths for attachments (references/attachments.md). These patterns are expected for the task, but constructing AppleScript via naive string interpolation is brittle and can allow script injection or accidental execution of unintended AppleScript if inputs are not properly sanitized. Attachment guidance also enables sending arbitrary local files, which could be used to exfiltrate sensitive data if an agent has file access. The SKILL.md does warn about explicit consent and Automation permissions.
Install Mechanism
No install spec (instruction-only + single Python helper file). No downloading or execution of remote code; lowest-risk install pattern.
Credentials
The skill requests no environment variables or external credentials, which is proportionate. It does require Mail.app to be configured with an account and Automation permission to control Mail.app — these are legitimate for the stated purpose.
Persistence & Privilege
always is false and the skill does not request special persistent privileges or modify other skills. Note: the platform default allows autonomous invocation; combined with the ability to attach/send local files this increases risk if the agent is granted broad file or execution rights.
What to consider before installing
This skill appears to do what it says (send Mail.app messages via AppleScript) but take precautions before installing:
(1) Review and test the included scripts locally — the Python helper constructs AppleScript by interpolating user strings; avoid passing untrusted input as subject/body/to/attachment_path.
(2) Be careful with attachments: supplying absolute paths lets the skill send arbitrary local files — do not give the agent broad file-system read access or allow autonomous runs that could pick sensitive files.
(3) Limit Automation permissions and prefer user-invocable use (do not enable broad autonomous invocation) unless you trust the agent and inputs.
(4) If you plan to use this from an automated agent, add input sanitization or stronger quoting to prevent AppleScript injection and carefully audit any cron/agent workflows that call send_email.
Additional information that would raise confidence: a hardened escaping routine for AppleScript used in the helper, tests demonstrating safe handling of special characters, or an explicit note limiting agent file-access when used autonomously.
Like a lobster shell, security has layers — review code before you run it.
