Skill v0.1.9

ClawScan security

InterClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Feb 19, 2026, 9:29 PM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions align with its stated purpose (an email+PGP agent mesh); the sensitive credentials it asks for are expected for that functionality, but you should review the included scripts and protect the account credentials because the skill will be able to send/receive mail from your configured mailbox.
Guidance
This skill appears internally coherent for an email+PGP agent mesh, but it will gain the ability to send and read mail using whatever SMTP/IMAP credentials you provide and to sign messages with your PGP key. Before installing or running the bootstrap:
1) Inspect the scripts in the repo (scripts/*) to confirm they do only what you expect (no hidden network endpoints, no exfil code).
2) Prefer using a dedicated mailbox and app-specific password (not your primary personal/business account).
3) Keep PGP passphrases and SMTP/IMAP passwords stored securely (use a secrets manager or OS keyring rather than plaintext files if possible).
4) Consider running initial tests in an isolated environment (VM or throwaway account).
5) Verify peer fingerprints out-of-band before trusting them.
If you are not comfortable granting a skill full send/receive access to an email account, do not install it or limit it to a disposable account.

Review Dimensions

Purpose & Capability
ok
Name/description (PGP-signed email mesh) match the declared requirements: gpg for PGP operations, himalaya (or equivalent) for IMAP/SMTP, and SMTP/IMAP credentials plus PGP key ID. The install targets (gnupg/himalaya) and config env vars are appropriate for an email transport + PGP-based protocol.
Instruction Scope
note
SKILL.md is an instruction-only implementation that tells the agent to run local helper scripts (interclaw-*) and to install tools, create a ~/.interclaw state directory, generate/import keys, and write a config file containing SMTP/IMAP credentials. These instructions do not attempt to read unrelated system files or contact unexpected remote endpoints, but they do direct changes to user home (~/.local/bin symlinks, ~/.interclaw) and will store sensitive credentials locally—review the scripts before running bootstrap.
Install Mechanism
ok
Install steps use package managers (apt/brew) for gnupg and a GitHub release or brew for himalaya. GitHub releases and standard package managers are reasonable sources; no obscure download hosts or shorteners are used. The 'bootstrap' will symlink scripts into ~/.local/bin, which is standard for user-local installs.
Credentials
note
The skill requires many sensitive environment values (SMTP/IMAP host, port, user, pass; PGP key id and optional passphrase). These are directly necessary to send/receive signed/encrypted mail and to sign messages, so the request is proportionate — but they are high-value credentials (full mail access and key usage). No unrelated credentials are requested.
Persistence & Privilege
ok
The skill is not always-enabled and does not request elevated platform privileges. It will install binaries (or depend on them), symlink scripts into the user's PATH, and create ~/.interclaw state/config — expected for a user-level agent. It does not request or modify other skills' configs.