Skill v1.0.1
ClawScan security
my_send_email · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 13, 2026, 4:14 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's functionality (sending a single email) matches its description, but it embeds a plaintext corporate SMTP credential and other small inconsistencies that are disproportionate and risky.
- Guidance: This skill will send emails using a hardcoded corporate SMTP account embedded in the script. That means the skill can send messages as ai_assistant@cloudtrend.com.cn and the password is stored in plaintext inside the skill. Before installing: do not use production credentials in skills; ask the author to remove the hardcoded password and accept SMTP credentials via secure environment variables or a credentials store; ensure the SMTP account is a dedicated, limited-power account and rotate the password immediately if this code has been exposed; prefer a version that does not include organization credentials in-source. If you must use it, run it in a controlled environment and audit/monitor outgoing emails.
- Findings
[HARD_CODED_CREDENTIAL_IN_SOURCE] unexpected: The repository contains a plaintext SMTP password and sender email in send_mail.py. The pre-scan reported 'None detected', but manual review finds these credentials embedded in the code. Hardcoded credentials are not expected for a well-configured send-email skill.
Review Dimensions
- Purpose & Capability (note): The name/description and runtime code both implement a simple SMTP email-sending helper — that's coherent. Minor mismatch: _meta.json lists 'smtplib' under requires (standard library) and uses an absolute workspace path; otherwise the requested capabilities are what you'd expect for an email sender.
- Instruction Scope (concern): SKILL.md simply instructs running send_mail.py with receiver/subject/content. The code then logs into smtp.cloudtrend.com.cn and sends the provided content. While that is within the stated purpose, the script will transmit arbitrary message content to an external SMTP server using a hardcoded account, which is a high-risk action and not declared in the skill metadata.
- Install Mechanism (ok): No install spec and no downloads; the skill is instruction-only with a bundled Python script. This minimizes install-time risk (nothing is fetched or installed at runtime).
- Credentials (concern): The skill contains a plaintext SMTP password (password = "A5b3C3D6!") and a fixed sender address inside send_mail.py but declares no required environment variables or credentials. Hardcoding production credentials in-code is disproportionate and inconsistent with the metadata; credentials should be provided via environment/config and not embedded in source.
- Persistence & Privilege (ok): The skill does not request 'always: true' and does not modify other skills or global config. It is user-invocable only, which limits its autonomous reach.
