The skill is vulnerable to arbitrary
Claims to do
IMAP/SMTP Email Tool: Read, search, and manage email via IMAP protocol. Send email via SMTP. Supports Gmail, Outlook, 163.com, vip.163.com, 126.com, vip.126.com, 188.com, vip.188.com, and any standard IMAP/SMTP server.
Actually does
This skill executes `node` and `npm` commands to run JavaScript scripts (`scripts/imap.js`, `scripts/smtp.js`). It connects to IMAP and SMTP servers (e.g., `imap.gmail.com`, `smtp.gmail.com`) to read, search, manage, and send emails. It stores configuration in `~/.config/imap-smtp-email/.env` and can read/write files from user-defined `ALLOWED_READ_DIRS` and `ALLOWED_WRITE_DIRS` for attachments.
openclaw skills install gzlicanyi/imap-smtp-email
The skill defines whitelists for file access (`ALLOWED_READ_DIRS`, `ALLOWED_WRITE_DIRS`). However, if the underlying Node.js scripts do not strictly enforce these whitelists against user-provided paths (e.g., for `--dir`, `--body-file`, `--attach`), it could lead to reading or writing arbitrary files on the system.
ALLOWED_READ_DIRS=~/Downloads,~/Documents
ALLOWED_WRITE_DIRS=~/Downloads
node scripts/imap.js ... download <uid> [--dir <path>]
node scripts/smtp.js ... send ... --body-file <file> ... --attach <file>
The skill executes `node` scripts with user-controlled arguments. If these arguments are not properly sanitized before being used in internal shell commands or file operations within the Node.js scripts, it could lead to command injection.
node scripts/imap.js [--account <name>] check [--limit 10]
node scripts/smtp.js [--account <name>] send --to <email> --subject <text> [options]
The skill instructs the user to run `bash setup.sh` for configuration. The content of this script is not provided, which poses a risk if the script itself contains malicious commands or vulnerabilities.
bash setup.sh
The skill requires `npm install` to set up dependencies. If the `package.json` or any of its transitive dependencies are compromised, it could introduce malicious code into the agent's environment.
npm install
Mondoo Skill Check: https://mondoo.com/ai-agent-security/skills/clawhub/gzlicanyi/imap-smtp-email
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.