Is fontstep/send-email safe?

https://github.com/openclaw/skills/tree/main/skills/fontstep/send-email

90
SAFE

This skill provides legitimate email sending functionality via SMTP with reasonable security practices, including warnings against credential exposure. The main security considerations are the presence of executable code and the inherent potential for email capabilities to be misused, but the implementation appears trustworthy.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM Executable scripts present -25

The skill contains both a shell script (send_email.sh) and a Python script (send_email.py) that will be executed by the agent. While the code appears legitimate for email functionality, executable code always presents some security risk.

LOW Email functionality could be misused for data exfiltration -10

While the intended purpose is legitimate email sending, the capability could theoretically be used to exfiltrate data via email. However, this is inherent to any email functionality.

LOW Potential for misuse for spam or phishing -15

Email-sending capabilities could be used to send spam or phishing emails if the skill is compromised or misused.