ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Email

Operate the agent-email CLI to create disposable inboxes, poll for new mail, retrieve full message details, and manage local mailbox profiles. Use when the u...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 358 · 4 current installs · 4 all-time installs
byIsaac David@zaddy6
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the runtime instructions: all actions are limited to driving an 'agent-email' CLI (create/read/show/delete/accounts). The SKILL.md does not request unrelated credentials, files, or system-wide configuration.
Instruction Scope
Instructions are narrowly scoped to running the CLI, preferring JSON output and explicitly warning not to print/store secret fields. They do not instruct reading arbitrary files, environment variables, or posting data to third-party endpoints from the agent itself.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the SKILL.md recommends installing @zaddy6/agentemail via npm or bun if the CLI is missing. Installing an unvetted npm package globally can execute arbitrary code (postinstall scripts) and should be reviewed before installation.
Credentials
The skill declares no required env vars, credentials, or config paths. The only path hints are about npm/bun global bin on PATH which are proportional to making the CLI available.
Persistence & Privilege
The skill does not request persistent 'always' inclusion and contains no instructions to modify other skills or system-wide agent settings; autonomous invocation is allowed but is the platform default.
Assessment
This skill appears coherent for driving a disposable-mail CLI. Before installing or running it: (1) vet the npm package @zaddy6/agentemail — inspect its source repository and published package contents (postinstall scripts, network calls); (2) prefer installing in a sandboxed environment (container/VM) or audit the package locally rather than a global npm install; (3) avoid having the agent print or log any returned 'password' or 'token' fields and review CLI outputs for unexpected endpoints or data exfiltration behavior; (4) if you cannot review the package, use a trusted alternative or manually run the CLI yourself rather than giving autonomous agent access.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97074vz2n245cemxn1f1cx5z5821zea

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Agent Email CLI

Overview

Use this skill to operate the agent-email command safely and predictably for agent workflows that need inbox access.

Prefer JSON-native command output and return key fields (email, messageId, subject, createdAt, from.address) in your summaries.

Workflow

  1. Verify CLI availability.
command -v agent-email
agent-email --help

If missing, install:

npm install -g @zaddy6/agentemail
# or
bun install -g @zaddy6/agentemail
  1. Create a mailbox account.
agent-email create

Record these fields from JSON output:

  • data.email
  • data.accountId
  • data.activeEmail

Do not record, repeat, or print secret values such as mailbox passwords or tokens.

  1. Read latest messages.
agent-email read <email|default>

For inbox waiting/polling:

agent-email read <email|default> --wait 30 --interval 2

For full message payloads:

agent-email read <email|default> --full
  1. Retrieve one message in detail.
agent-email show <email|default> <messageId>

Use show when you need body/source details for verification links, codes, or full content extraction.

  1. Manage mailbox profiles.
agent-email accounts list
agent-email use <email|default>
agent-email accounts remove <email>

Avoid commands that require entering secrets on the command line in agent logs.

  1. Delete processed/irrelevant message when requested.
agent-email delete <email|default> <messageId>

Operational Guidance

  • Keep command output machine-readable; avoid forcing human output unless requested.
  • Prefer default alias when user does not specify an email.
  • Never echo, store, or summarize secret values (password, token) from command output.
  • If command fails, surface the JSON error code and hint fields directly.
  • For auth failures (AUTH_REQUIRED/401), rerun command once and request user intervention if credentials must be re-established.
  • For rate limits (RATE_LIMITED/429), retry after short delay.

Troubleshooting

  • command not found: ensure ~/.bun/bin or npm global bin path is on PATH.
  • NO_ACTIVE_ACCOUNT: run agent-email create or agent-email use <email>.
  • ACCOUNT_NOT_FOUND: run agent-email accounts list and pick a valid address.
  • EOTP during npm publish: use npm trusted publishing for CI or publish locally with OTP.

References

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…