Low Risk — Risk Score 20/100
Last scan: 1 day ago
email-checker-for-mac
Automated email assistant for Apple Mail. Runs on a schedule, scores priority, drafts AI replies, sends reports.
A legitimate macOS email automation tool that controls Mail.app through AppleScript. Shell execution via subprocess/osascript is documented in the OS requirement and metadata but is not explicitly declared as an allowed-tool in SKILL.md, which is a minor gap between the documentation and the actual capability.
Skill Name: email-checker-for-mac
Duration: 71.5s
Engine: pi
Safe to install
Add 'shell:WRITE' to the allowed-tools declaration in SKILL.md and explicitly document that the LLM API key is read from config/settings.json and transmitted to the configured LLM endpoint. These are legitimate behaviors that should be made transparent.

Findings (3 items)

Severity | Finding | Category | Location

Low | Shell execution not declared as allowed-tool | Doc Mismatch | SKILL.md:1
SKILL.md declares 'requires: osascript' in metadata but does not list shell:WRITE or any shell permission in an allowed-tools section. The code uses subprocess.run(['osascript', ...]) extensively, which maps to the shell:WRITE capability.
Evidence: metadata: {"requires":{"bins":["osascript"],...}}
→ Add an explicit allowed-tools declaration to SKILL.md: shell:WRITE, filesystem:READ, filesystem:WRITE, network:READ.

Info | LLM API key transmission to external endpoint not documented | Sensitive Access | scripts/email/checker.py:150
OpenAI API keys (or LM Studio/Ollama keys) are stored in config/settings.json and transmitted to the configured LLM base URL via POST with a Bearer token. This is necessary for the feature but is not called out in the SKILL.md docs section.
Evidence: headers={'Content-Type': 'application/json', 'Authorization': 'Bearer ' + api_key}
→ Document in SKILL.md that LLM API keys are read from config/settings.json and transmitted to the configured LLM endpoint.

Info | Crontab installation creates scheduled persistence | Persistence | setup.sh:245
setup.sh installs a cron job via crontab that runs checker_wrapper.sh at boot (@reboot) and on an interval. This persistence mechanism is documented in README.md but not in SKILL.md.
Evidence: echo '@reboot $WRAPPER' | crontab -
→ Add a note in SKILL.md that the skill can install crontab entries for scheduled execution.
Resource | Declared | Inferred | Status | Evidence
Shell | NONE | WRITE | ✓ Aligned | scripts/email/checker.py: subprocess.run(['osascript', ...]); scripts/email/send…
Filesystem | WRITE | WRITE | ✓ Aligned | setup.sh writes config/settings.json; checker.py reads it; logs/ and temp/ dirs …
Network | NONE | READ | ✓ Aligned | checker.py: urllib.request.urlopen() to LLM_BASE_URL; LLM API key transmitted in…
Environment | NONE | READ | ✓ Aligned | setup.sh passes LLM_API_KEY as env var during LLM test; checker.py reads config …
Skill Invoke | NONE | READ | ✓ Aligned | SKILL.md describes OpenClaw integration via Telegram/WhatsApp invoking checker.p…
2 findings

Info | Email (email address) | [email protected] | README.md:111
Info | Email (email address) | [email protected] | README.md:122

File Tree

10 files · 59.0 KB · 1655 lines
Python 3f · 796L Shell 3f · 459L Markdown 2f · 360L JSON 2f · 40L
├─ 📁 config
│ └─ 📋 settings.example.json JSON 27L · 569 B
├─ 📁 scripts
│ └─ 📁 email
│ ├─ 🔧 checker_wrapper.sh Shell 15L · 510 B
│ ├─ 🐍 checker.py Python 649L · 26.5 KB
│ ├─ 🐍 send_reply.py Python 105L · 3.4 KB
│ ├─ 🐍 template.py Python 42L · 1.1 KB
│ └─ 🔧 template.sh Shell 25L · 469 B
├─ 📋 _meta.json JSON 13L · 425 B
├─ 📝 README.md Markdown 291L · 9.3 KB
├─ 🔧 setup.sh Shell 419L · 15.0 KB
└─ 📝 SKILL.md Markdown 69L · 1.9 KB

Dependencies 2 items

Package | Version | Source | Known Vulns | Notes
urllib | stdlib | python3 built-in | No | Standard library — no external dependency for HTTP calls
subprocess | stdlib | python3 built-in | No | Standard library — used for osascript invocation, documented and necessary

Security Positives

✓ No base64-encoded execution, no eval(), no obfuscated payloads
✓ No access to ~/.ssh, ~/.aws, .env, or other credential storage paths
✓ No direct IP connections to unknown external servers — only to user-configured LLM endpoints
✓ No data exfiltration observed — email content is processed locally and reports sent to the user's own configured email address
✓ API keys stored in config/settings.json (gitignored), not hardcoded
✓ AppleScript is the standard, documented macOS automation interface — not a custom shell escape
✓ LLM connection test in setup.sh is interactive and user-driven with visible output
✓ Settings.json validation is performed before writing