Skill v1.0.4
ClawScan security
Mailtap · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 19, 2026, 4:13 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requests and instructions are coherent with a temporary email service: it uses public API endpoints, needs no credentials, and its helper includes basic attachment safety checks — but attachments are publicly hosted and the provided helper code is truncated, so verify download handling before wide use.
- Guidance
- This skill appears to do what it advertises: generate temporary emails and retrieve messages via public endpoints (api.mailtap.org) and public attachments (s3.mailtap.org). Before installing or letting agents use it autonomously, consider the following:
  - Attachments are publicly downloadable and may contain malware; ensure agents enforce MIME-type whitelists, file-size limits, and run downloaded files through a virus scanner or sandbox before processing or opening.
  - The included Python helper shows safety checks (whitelist and max size) but the file is truncated in the bundle; review the full helper code or reimplement download logic to confirm it does not execute unvalidated content.
  - Public temporary-email services are useful but can be abused for fraud or account creation; ensure your usage complies with service terms and your organization's policies.
  - Verify the API hostnames (api.mailtap.org, s3.mailtap.org) are the intended official endpoints and that you are comfortable allowing network access to them.
  If you need stronger assurance (e.g., for automated, high-volume workflows), request full source code for the helper or run downloads in an isolated environment; otherwise the skill is internally consistent with its stated purpose.
Review Dimensions
- Purpose & Capability
- ok · Name/description (temporary disposable email) match the SKILL.md and openapi.json. The documented endpoints (generate, inbox, email) and S3 attachment URLs align with the stated purpose. No unrelated credentials, binaries, or install steps are requested.
- Instruction Scope
- note · Instructions are narrowly scoped to calling the public API, polling inboxes, and downloading attachments. This is expected, but downloading attachments from a public S3 host is explicitly allowed by the skill and can expose agents to malicious files. The SKILL.md includes whitelist/size checks in a Python helper, which mitigates risk, but the helper is truncated in the provided artifact, so the full download/validation flow could not be verified.
- Install Mechanism
- ok · Instruction-only skill with no install spec and no code files to execute. Lowest install risk — nothing is written to disk by an installer.
- Credentials
- ok · No environment variables, credentials, or config paths are requested. That is proportionate for a public, no-auth API.
- Persistence & Privilege
- ok · Skill is not marked always:true and uses the normal agent invocation model. It does not request elevated or persistent platform privileges.
