ClawHub

Near Email Skill

v1.0.0

Send and read blockchain-native emails using NEAR Email service. Use when building notifications for NEAR smart contracts (NFT sales, DeFi liquidation alerts, DAO voting reminders) or when AI agents need email capabilities with a NEAR account identity.

1· 1.5k·0 current·0 all-time
by@zavodil
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (NEAR email for notifications and agent email capability) match the instructions and examples: they use outlayer.near contract and an HTTPS API at api.outlayer.fastnear.com. No unrelated env vars, binaries, or install artifacts are requested.
Instruction Scope
SKILL.md stays within the stated purpose (send/read emails via NEAR transaction or HTTPS API). It includes examples that generate ephemeral keys, parse NEAR transaction receipts, and instruct client-side ECIES/ChaCha20 decryption — all expected for encrypted inbox flows. It also repeatedly recommends send_email_plaintext for on-chain notifications and explicitly warns that those messages are public on-chain.
Install Mechanism
This is instruction-only (no install spec, no code files to execute). The only external host referenced is api.outlayer.fastnear.com, which is expected for a hosted service but should be verified by the user.
Credentials
The registry metadata lists no required env vars or credentials (consistent). Examples rely on a 'PAYMENT_KEY' passed in an X-Payment-Key header and on NEAR keys for signing — these are reasonable for the stated integration but are not declared as required env vars, so users must supply/store them securely. No unrelated credentials or system paths are requested.
!
Persistence & Privilege
always is not set, but disableModelInvocation is also not set, so the model could autonomously invoke this skill to send emails or read inboxes. Because sending emails (including public on-chain notifications) and handling keys are sensitive actions, the lack of an explicit model-invocation safeguard is a noteworthy risk and users should decide whether to allow autonomous use.
Assessment
This skill appears to do what it says (NEAR-native email via outlayer.near and api.outlayer.fastnear.com), but you should: 1) verify and trust the external service/domain (api.outlayer.fastnear.com and the outlayer.near contract) before giving it any payment keys or private keys; 2) never send private data with send_email_plaintext — content is public on-chain; 3) store and transmit PAYMENT_KEY and any private keys securely (do not paste them into untrusted UIs); 4) consider disabling autonomous model invocation (set disableModelInvocation or otherwise require explicit user approval) if you do not want the agent to send/read emails without interactive confirmation; and 5) if you need stronger assurance, ask the publisher for source code, a homepage, or an audit of the outlayer service before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk973hxppf9erf1va8daje9npwd80a3hm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments