Safety Report

PortEden - secured email (Gmail, Outlook, Exchange) access for OpenClaw

Name: PortEden - secured email (Gmail, Outlook, Exchange) access for OpenClaw
Rating: 5 (3 reviews)
Author: porteden

@porteden

Secured Email Mnagement - Gmail, Outlook & Exchange - list, search, read, send, reply, forward, delete, and modify emails across multiple accounts (gog-cli s...

1,015Downloads

11Installs

3Stars

5Versions

Search & Retrieval5,443 CLI & Shell Tools4,287 Networking & DNS2,429 Email Automation1,545

Security Analysis

high confidence

Clean0.04 risk

The skill's requirements and instructions are consistent with a CLI-based email management tool: it needs the porteden binary and an API key and the SKILL.md stays within that scope.

Feb 26, 20261 files1 concern

Purpose & Capabilityok

The name/description (email management across Gmail/Outlook/Exchange) matches the declared requirements: a 'porteden' CLI binary and a PE_API_KEY. The listed optional env vars (PE_PROFILE, PE_TIMEZONE, etc.) are reasonable for a multi-account CLI. Nothing in the manifest requests unrelated services or credentials.

Instruction Scopenote

SKILL.md directs the agent to run the porteden CLI, perform browser or token login, and use stored credentials in the system keyring. This is within expected scope, but note that the CLI (when invoked) will access your email providers and local keyring; flags like --include-body or --all will fetch fuller or larger sets of email data.

Install Mechanismok

Install options are brew (porteden/tap/porteden) or go install from github.com/porteden/cli — both are standard ways to install a CLI. The brew formula is a third‑party tap (porteden/tap) rather than core/homebrew; verify the tap and the upstream GitHub repo before installing.

Credentialsok

The only required env var is PE_API_KEY (declared as primaryEnv) which is appropriate for an API-backed CLI. The additional env vars listed are optional configuration. There are no unrelated credentials required.

Persistence & Privilegeok

The skill does not request always:true and does not modify other skills. It notes credentials persist in the system keyring (expected for convenience). Autonomous invocation is allowed by default on the platform but is not a new privilege introduced by this skill.

Guidance

This skill appears coherent for a CLI email client, but take these precautions before installing: 1) Verify the porteden project (homepage and GitHub repo) and the brew tap to ensure you trust the upstream authors. 2) Prefer browser login (stored in system keyring) over exporting PE_API_KEY into shared environment variables. 3) If you must set PE_API_KEY, avoid placing it in shells or CI environments where others can read it. 4) Consider verifying the installed binary (checksums or signed release) and inspect the GitHub repo if you can. 5) Be conscious when invoking flags like --include-body or --all that retrieve full message bodies or large datasets. 6) If you do not want agents to access your email autonomously, do not enable the skill for autonomous use (or disable agent invocation in your agent settings).

Latest Release

v1.0.4

Version 1.0.4 of porteden-email

More by @porteden

6 stars

Calendar

2 stars

PortEden - Secure your calendar & email data.

2 stars

PortEden - secured calendar(Gmail, Outlook, Exchange) access for OpenClaw

2 stars

Secure Gmail integration (gws & gogcli gmail with firewall alternative)

1 stars

Google Drive

1 stars

Published by @porteden on ClawHub