Claw Mail — ClawHub


Security Scan

Suspicious

medium confidence

Purpose & Capability

The name and description match the documented API calls (poll, send, threads). However, the registry metadata lists CLAWMAIL_SYSTEM_ID as the primary credential while requires.env is empty; the SKILL.md primarily reads ~/.clawmail/config.json for the system_id rather than relying on an environment variable. This mismatch is unexplained but not necessarily malicious.


Instruction Scope

Runtime instructions tell the user/agent to curl https://clawmail.cc/scripts/setup.py and run python3 setup.py, which writes ~/.clawmail/config.json with credentials. Executing an arbitrary remote script expands the skill's effective surface well beyond simple API usage. The skill also marks polled messages as read (the poll endpoint "marks them as read"); callers should be aware of that side-effect.


Install Mechanism

There is no formal install spec, but SKILL.md directs downloading and executing a script from https://clawmail.cc/scripts/setup.py. Download-and-execute from a domain that is not a well-known release host is a higher-risk install pattern, and the script writes credentials to disk. No bundled code was provided for offline review.

Credentials

The primary credential (CLAWMAIL_SYSTEM_ID) is appropriate for an email API. However, the skill does not declare any requires.env entries even though the metadata names CLAWMAIL_SYSTEM_ID as primaryEnv; instead it reads credentials from ~/.clawmail/config.json. Storing a system token in a home-directory config file is typical, but users should be aware that the secret is persisted to disk in plaintext.

Persistence & Privilege

The skill does not request always:true, does not modify other skills, and runs only when invoked. Its runtime behavior is confined to the user's home directory (~/.clawmail) and outbound requests to api.clawmail.cc.

What to consider before installing

Before installing or running this skill:

1. Do NOT blindly run the suggested curl + python setup command. Inspect the setup.py from https://clawmail.cc/scripts/setup.py (or obtain it from the project's official GitHub/release) to ensure it does only the expected config-file creation.
2. Prefer to set CLAWMAIL_SYSTEM_ID via a managed env (OpenClaw config) if you want to avoid persisting secrets in plaintext under ~/.clawmail; if you must use the config file, restrict its filesystem permissions.
3. Verify the clawmail.cc domain/repository (GitHub links are in the README) so you can confirm the service is legitimate and the script comes from the official project.
4. Be aware that polling marks messages as read; plan so you don't lose unread messages.
5. If you want a lower-risk setup, ask the skill author to include a local helper or formal install spec (or to provide the setup code in the skill bundle) so nothing must be fetched and executed at runtime.

If you cannot validate the remote setup script or project provenance, do not install.

Like a lobster shell, security has layers — review code before you run it.