Agent Email

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent and purpose-aligned for operating a disposable email CLI, but users should notice that it can install an external CLI, read full email contents including codes, delete messages, and reuse local mailbox profiles.

Before installing, make sure you trust the external agent-email package. Use the skill mainly with disposable inboxes, verify the active/default mailbox before reading or deleting mail, and avoid exposing sensitive verification codes or account recovery messages unless that is your explicit goal.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the package gives external CLI code the ability to run on the user’s machine and handle mailbox data.

Why it was flagged

The skill relies on a globally installed third-party package that is not pinned to a specific version in the reviewed artifacts. This is expected for a CLI wrapper skill, but users should trust the package source before installing.

Skill content

If missing, install:

```bash
npm install -g @zaddy6/agentemail
# or
bun install -g @zaddy6/agentemail
```

Recommendation

Install only if you trust the package and prefer a reviewed or pinned version where available.

What this means

The agent may see or use login links, one-time codes, and other sensitive mailbox contents.

Why it was flagged

The skill can retrieve full email bodies, including verification links and codes. This is aligned with disposable inbox automation, but those messages can grant access to other services.

Skill content

Use `show` when you need body/source details for verification links, codes, or full content extraction.

Recommendation

Use this for disposable or low-risk inboxes, and avoid routing sensitive account recovery or production authentication messages through it unless explicitly intended.

What this means

A mistaken command could remove mailbox messages from the disposable inbox.

Why it was flagged

The CLI includes a message deletion command. The instruction scopes deletion to when the user requests it, so this is not suspicious, but it is a mutating action.

Skill content

Delete processed/irrelevant message when requested.

```bash
agent-email delete <email|default> <messageId>
```

Recommendation

Confirm the target email address and message ID before allowing deletion.

What this means

The agent may read from or act on the currently active mailbox profile if no address is specified.

Why it was flagged

The skill uses local mailbox profiles and a default active account that can persist across tasks. This is expected for mailbox management, but future commands may act on the stored default profile.

Skill content

Manage mailbox profiles.

```bash
agent-email accounts list
agent-email use <email|default>
agent-email accounts remove <email>
```

Prefer `default` alias when user does not specify an email.

Recommendation

Check the active/default mailbox before use and remove profiles that should no longer be available.