Mailtap
PassAudited by ClawScan on May 1, 2026.
Overview
Mailtap’s artifacts match its temporary-email purpose and show no malicious behavior, but generated inboxes and attachments are public/external and should not be used for sensitive accounts or files.
This skill is reasonable for disposable email testing and low-risk verification flows. Before installing or using it, confirm you are comfortable sending messages through api.mailtap.org, avoid sensitive or long-term accounts, explicitly approve attachment downloads, and treat all incoming email content as untrusted data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could retrieve messages or download untrusted attachments as part of a requested workflow.
The skill intentionally supports autonomous polling, data extraction, and attachment retrieval. This is coherent for temporary email, but it can still cause unintended downloads or verification actions if the user has not scoped the task.
Agents can chain operations autonomously (generate → wait → poll inbox → extract data → download attachments).
Approve the specific signup, polling duration, and attachment-download behavior before use; do not open or execute downloaded files unless separately verified.
Using disposable addresses for important accounts could leave account recovery or verification tied to a temporary public inbox.
Verification codes and one-time links can be used to complete account-registration or confirmation flows. The skill does not request existing user credentials, but it does participate in identity/account workflows.
Capturing verification codes, one-time links, or confirmation emails
Use this only for testing, privacy-preserving low-risk signups, or explicitly authorized workflows; avoid financial, production, or long-term accounts.
A malicious email could contain text that tries to manipulate the agent if the agent treats message contents as commands.
Inbox message bodies are retrieved from external senders and may enter the agent context. They should be treated as untrusted data, not instructions.
"body": { "type": "string" }Configure the agent to extract only expected fields such as codes or links and ignore any instructions contained in email bodies or attachments.
Emails, verification links, or attachments sent to the disposable address may not be private in the way a normal authenticated mailbox is.
The service is intentionally unauthenticated and attachment links are public if the address or object key is known. This is disclosed and purpose-aligned, but it affects confidentiality.
No authentication or API key is required ... Attachments are publicly downloadable via the S3-compatible URL: https://s3.mailtap.org/{r2_key}Do not send sensitive personal, financial, production, or account-recovery messages to Mailtap addresses; assume temporary inbox contents and attachment URLs are externally hosted and low-confidentiality.