InterClaw
Review
Audited by ClawScan on May 10, 2026.
Overview
InterClaw’s purpose is coherent, but it asks you to trust missing or unreviewed helper scripts with email and PGP credentials and optional background mail processing.
Install only from a complete, reviewed source that includes the referenced scripts. Use a dedicated email account, app-specific passwords, and a dedicated PGP key; verify peer fingerprints out of band; and enable background polling only if you are comfortable with ongoing automated email processing.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You cannot review the actual commands that would receive your email passwords, use your PGP key, and send or process messages.
The skill depends on helper scripts and a bootstrap command, but the provided manifest says no code files are present. The unprovided scripts would be the components handling mail, PGP operations, and credentials.
files: ["scripts/*", "config/*", "docs/*"] ... ./scripts/interclaw-bootstrap ... Always use `interclaw-send` ... Always verify incoming messages with `interclaw-receive`.
Do not give real credentials to this skill until installing from a complete, pinned source package where the scripts are present and reviewed. Prefer a dedicated mailbox and app password.
If misconfigured or implemented unsafely, the skill could expose or misuse an email account or PGP identity.
The skill needs SMTP/IMAP credentials and a PGP signing identity. This is expected for an email mesh, but it grants authority to access the mailbox and sign messages as the configured agent.
INTERCLAW_SMTP_PASS="" ... INTERCLAW_IMAP_PASS="" ... PGP_PRIVATE_KEY_ID="" ... PGP_PASSPHRASE=""
Use a dedicated email account, provider app passwords, and a dedicated PGP key. Avoid reusing a personal mailbox or high-value signing key.
A mistakenly trusted peer could continue sending messages that the agent treats as valid until that trust is revoked.
The skill creates an agent-to-agent communication channel with persistent trusted peers. The protocol includes fingerprints and PGP checks, which are appropriate, but trust decisions are long-lived and sensitive.
After successful handshake, agents are permanently trusted (until revoked) ... Only messages signed by these keys will be processed
Verify fingerprints out of band, keep the trusted-peer list small, and periodically audit or revoke stale peers.
If enabled, the agent may continue checking mail and sending protocol responses in the background.
The skill documents optional polling and scheduled operation, plus automatic protocol responses such as ACKs. This is disclosed and aligned with the purpose, but it can keep operating beyond a single user invocation.
`interclaw-receive --poll` ... `interclaw-receive --once # single poll for cron` ... `interclaw-setup-polling` | Optional: set up cron or systemd polling
Only enable polling or cron/systemd setup intentionally, monitor logs, and disable it when not needed.
Messages and metadata may remain on disk after the conversation is over.
The protocol stores conversation state, sent messages, received messages, and logs locally. This supports retransmit and auditability, but it is persistent data that may include sensitive coordination content.
~/.interclaw/ ... sent/ ... received/ ... logs/interclaw.log ... sent_archive/<GlobalSeq>.msg
Place INTERCLAW_HOME in a protected directory, restrict file permissions, and define a retention/cleanup practice for archives and logs.
