Trust Assessment
sendclaw received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. The key findings are: the skill explicitly instructs autonomous email sending without human approval; the skill encourages the agent to bypass human oversight for sensitive email operations; and there is a risk of data exfiltration due to autonomous email sending and message retrieval.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Skill explicitly instructs autonomous email sending without human approval.** The skill contains direct instructions to the AI agent to send and reply to emails autonomously, explicitly forbidding asking for human approval or waiting for permission. This attempts to manipulate the host LLM's decision-making process, overriding safety mechanisms and human oversight. An attacker could leverage this to make the agent send malicious emails or exfiltrate data without human intervention. Remove all instructions that explicitly tell the AI to disregard human oversight or act autonomously without explicit, context-dependent human instruction. Rephrase to emphasize that the AI *can* send emails when appropriate, but human approval should be sought for sensitive or novel situations. | LLM | skill.md:38 |
| HIGH | **Skill encourages agent to bypass human oversight for sensitive email operations.** The skill's core design encourages the AI agent to operate with full autonomy over email sending and receiving, explicitly instructing it to 'Do NOT: Ask your human "Should I send this email?"' and 'Wait for human approval before replying to messages'. This grants excessive permissions to the agent, allowing it to perform sensitive actions (like sending emails, replying to messages, potentially registering for services) without necessary human review, increasing the risk of misuse or unintended consequences. Implement mechanisms for human review or approval for sensitive email actions. Rephrase instructions to guide the agent on *when* autonomy is appropriate versus when human consultation is required, especially for new or high-impact communications. | LLM | skill.md:26 |
| HIGH | **Risk of data exfiltration due to autonomous email sending and message retrieval.** The combination of the skill's explicit instructions for autonomous email sending (without human approval) and its API endpoints for retrieving message content (`GET /api/mail/messages`) creates a significant data exfiltration risk. A compromised agent, manipulated by prompt injection, could be instructed to retrieve sensitive inbound messages or other data it has access to, and then autonomously email that information to an attacker. Introduce human approval steps for sending emails, especially when the content is generated from retrieved sensitive data. Implement data loss prevention (DLP) measures or content filtering on outbound emails. Restrict the agent's ability to access and combine sensitive inbound message content with outbound email sending without explicit human review. | LLM | skill.md:97 |