Email infrastructure for autonomous AI agents. Create inboxes, send/receive emails, no human intervention required.
Security Analysis
Medium confidence. The skill's instructions largely match an email service, but there are important mismatches and operational risks (undeclared credentials/config paths, remote fetch/install instructions, and autonomous email-sending capability) that you should understand before installing.
The name and description claim an autonomous email service and the SKILL.md contains a full API (register agents, send/receive email, rotate keys, delete agent). That matches the stated purpose. Minor inconsistency: the registry metadata declares no required credentials or config paths, but the skill clearly requires and instructs you to save an API key and an agent id for operation.
The runtime instructions explicitly tell the agent (and operator) how to register, verify (via Twitter/X), authenticate, send emails, and store credentials. They do not instruct reading arbitrary host files or unrelated credentials, but they do recommend writing credentials to ~/.config/clawmail/credentials.json and suggest setting an environment variable (CLAWMAIL_API_KEY). The file-write and environment recommendations are not reflected in metadata and the SKILL.md also tells users how to curl remote files into the agent's skills directory — this expands scope and allows remote-hosted instructions/updates.
There is no install spec in the registry (instruction-only), which is lower technical risk. However the SKILL.md includes optional curl commands that download SKILL.md and skill.json from https://clawmail.to into ~/.moltbot/skills/clawmail. Those downloads come from the provider's domain rather than a widely-audited release host; fetching remote skill files at runtime increases trust requirements but is not inherently malicious.
Registry declares no required environment variables or primary credential, but the instructions make the API key mandatory for all calls and strongly recommend storing it (file or CLAWMAIL_API_KEY). This mismatch is important: the skill does require a secret (apiKey) in practice, yet the metadata doesn't declare it. The skill also requires a Twitter/X step for verification (external account). Requesting an API key for the email service is expected, but failing to declare it in metadata and recommending a plaintext local file is a proportionality/usability and transparency concern.
always:false and autonomous invocation allowed (the platform default). Because the skill enables sending/receiving arbitrary email, autonomous invocation increases blast radius (automated outbound email, potential exfiltration, spam or social engineering). This is not a metadata inconsistency by itself, but combined with undeclared credential handling and remote-fetch instructions it warrants caution and stricter controls (human approval, rate limits, monitoring).
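The metadata gaps described above (an API key and a config path the instructions require but the registry entry never declares, plus a curl fetch from the provider's domain) can be caught mechanically. The following lint is an added example, not ClawHub or ClawMail code; the `requires.env` / `requires.config_paths` field names and both sample documents are constructed assumptions, since the registry schema is not shown on this page.

```python
import json
import re

# Constructed sample: the metadata declares nothing, while the instructions
# reference an env var, a credentials file and a remote fetch (assumed field names).
SKILL_JSON = json.dumps({"name": "clawmail",
                         "requires": {"env": [], "config_paths": []}})
SKILL_MD = """\
Store the key in ~/.config/clawmail/credentials.json or export CLAWMAIL_API_KEY.
Optional: curl -o ~/.moltbot/skills/clawmail/SKILL.md https://clawmail.to/SKILL.md
"""

# Secret-looking env var names, home-relative dotfile paths, and fetch commands.
ENV_RE = re.compile(r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*_(?:API_KEY|TOKEN|SECRET)\b")
PATH_RE = re.compile(r"~/\.[\w./-]+")
FETCH_RE = re.compile(r"\b(?:curl|wget)\b[^\n]*?(https?://[\w.-]+)")


def lint_skill(skill_json: str, skill_md: str) -> dict:
    """Report what the instructions rely on that the metadata does not declare."""
    meta = json.loads(skill_json)
    requires = meta.get("requires", {})
    declared_env = set(requires.get("env", []))
    declared_paths = set(requires.get("config_paths", []))
    env_refs = set(ENV_RE.findall(skill_md))
    path_refs = set(PATH_RE.findall(skill_md))
    fetch_origins = sorted({m.group(1) for m in FETCH_RE.finditer(skill_md)})
    return {
        "undeclared_env": sorted(env_refs - declared_env),
        "undeclared_paths": sorted(path_refs - declared_paths),
        "remote_fetch_origins": fetch_origins,
    }


def needs_review(findings: dict) -> bool:
    """True when any undeclared secret, path or runtime fetch was found."""
    return any(findings.values())


if __name__ == "__main__":
    for key, value in lint_skill(SKILL_JSON, SKILL_MD).items():
        print(f"{key}: {value}")
```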
Guidance
What to consider before installing:
- The skill is functionality-coherent (it is an email API), but it expects an API key and suggests storing it in ~/.config/clawmail/credentials.json or CLAWMAIL_API_KEY even though the registry lists no required credentials — treat that as a transparency gap. Don't assume the platform will surface or protect that key automatically.
- Installing or following the SKILL.md will ask you to fetch files from https://clawmail.to and to perform a Twitter/X verification step. Only proceed if you trust clawmail.to and its verification process.
- Because the skill can send and receive email autonomously, consider restricting autonomous invocation, requiring human confirmation for outbound messages, or limiting the agent's send/receive scope to prevent accidental data leaks or spam.
- If you do use it: avoid storing API keys in plaintext where possible, rotate keys often, monitor outgoing email activity, and audit the provider (check TLS certs, privacy policy, who runs the service).
- If you need a lower-risk alternative, prefer a skill that declares required credentials/config paths in metadata and has a known source (GitHub release or well-audited registry) rather than an instruction-only skill that fetches files from a single domain.
Confidence note: medium — the skill appears intended to provide email services, but the metadata omissions (undeclared API key/config paths) and the remote-fetch/install recommendations make transparency and trustworthiness unclear. Additional useful information: the provider's source code, a published API spec, or explicit required env/config entries in the registry would raise confidence to high.
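The controls recommended above (human confirmation for outbound mail, rate limits, monitoring, and never letting the key leave the agent) can be enforced by a policy gate the agent runs before every send call. This is an added example, not ClawMail code; the stored key value, the trusted-domain allow-list and the hourly limit are constructed placeholders.

```python
import time
from collections import deque

# Constructed values; in practice the key comes from the agent's credential store.
STORED_API_KEY = "clawmail_constructed_key_0123456789"
TRUSTED_DOMAINS = {"example.com"}   # recipients an agent may mail without a human
MAX_SENDS_PER_HOUR = 3


class OutboundGate:
    """Decide send / hold / block for a draft before it reaches the email API."""

    def __init__(self, api_key=STORED_API_KEY, trusted=TRUSTED_DOMAINS,
                 limit=MAX_SENDS_PER_HOUR):
        self.api_key, self.trusted, self.limit = api_key, trusted, limit
        self.sent_at = deque()   # timestamps of autonomous sends in the last hour
        self.audit = []          # every decision, for monitoring outgoing activity

    def decide(self, to, subject, body, now=None):
        now = time.time() if now is None else now
        recipients = [to] if isinstance(to, str) else list(to)
        # 1. The API key belongs only in calls to the service; mailing it is always blocked.
        if self.api_key in subject or self.api_key in body:
            return self._log("block", "api key present in outgoing content", recipients, now)
        # 2. Any recipient outside the allow-list requires human approval.
        outside = [r for r in recipients
                   if r.rsplit("@", 1)[-1].lower() not in self.trusted]
        if outside:
            return self._log("hold", f"untrusted recipients: {outside}", recipients, now)
        # 3. Sliding one-hour window caps how much an unattended agent can send.
        while self.sent_at and now - self.sent_at[0] >= 3600:
            self.sent_at.popleft()
        if len(self.sent_at) >= self.limit:
            return self._log("hold", "hourly send limit reached", recipients, now)
        self.sent_at.append(now)
        return self._log("send", "policy passed", recipients, now)

    def _log(self, verdict, reason, recipients, now):
        self.audit.append({"t": now, "verdict": verdict, "reason": reason, "to": recipients})
        return verdict, reason
```

A "hold" verdict is where the operator's approval step plugs in; only "send" should reach the provider's send endpoint.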
Latest Release
v1.0.0
Initial release of ClawMail (v1.0.0):
- Provides email infrastructure for autonomous AI agents: create inboxes, send/receive emails without human intervention.
- Includes secure agent registration and verification through Twitter/X.
- Supports sending emails (plain text or HTML), handling multiple recipients, and managing reply-to addresses.
- Enables agents to list inbox emails, fetch individual messages, mark as read, move to archive, and delete.
- Emphasizes critical security practices: the API key is only valid with `api.clawmail.to` and must never be shared elsewhere.
- Complete API documentation included for agent lifecycle and email operations.
Published by @claw-mail on ClawHub