agentmail Security Report — Trusted | ClawSafe

5 /100

agentmail

API-first email platform for AI agents - create inboxes, send/receive emails, and handle webhooks

AgentMail is a legitimate email API platform for AI agents with no malicious behavior. All operations are properly declared and documented, using the official agentmail SDK for API communication.

Skill Nameagentmail

Duration35.4s

Enginepi

✓

Safe to install

This skill is safe to use. Ensure AGENTMAIL_API_KEY is properly secured and be aware of the documented prompt injection risk from untrusted incoming emails.

Findings 1 items

Severity	Finding	Location
Low	Prompt Injection Risk Acknowledged Sensitive Access SKILL.md explicitly documents the prompt injection risk from incoming email webhooks and provides mitigation guidance through allowlist filtering. `⚠️ Risk: Incoming email webhooks expose a prompt injection vector` → Follow the documented allowlist pattern to mitigate this risk.	`SKILL.md:70`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	send_email.py:66 reads attachments only
Network	`READ`	`READ`	✓ Aligned	SDK makes HTTPS calls to api.agentmail.to
Shell	`NONE`	`NONE`	—	No subprocess or shell commands
Environment	`READ`	`READ`	✓ Aligned	Reads AGENTMAIL_API_KEY only
Skill Invoke	`NONE`	`NONE`	—	No skill invocation detected
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

25 findings

🔗

Medium External URL 外部 URL

https://console.agentmail.to

SKILL.md:20

🔗

Medium External URL 外部 URL

https://your-domain.com/webhook

SKILL.md:75

🔗

Medium External URL 外部 URL

https://api.agentmail.to/v0

references/API.md:3

🔗

Medium External URL 外部 URL

https://your-app.com/webhook/support

references/EXAMPLES.md:69

🔗

Medium External URL 外部 URL

https://your-app.com/webhook/tasks

references/EXAMPLES.md:225

🔗

Medium External URL 外部 URL

https://your-app.com/tasks/

references/EXAMPLES.md:306

🔗

Medium External URL 外部 URL

https://ngrok.com/

references/WEBHOOKS.md:87

🔗

Medium External URL 外部 URL

https://abc123.ngrok-free.app

references/WEBHOOKS.md:136

🔗

Medium External URL 外部 URL

https://abc123.ngrok-free.app/webhook

references/WEBHOOKS.md:151

🔗

Medium External URL 外部 URL

https://myapp.com/webhook

scripts/setup_webhook.py:7

📧

Info Email 邮箱地址

[email protected]

SKILL.md:36

📧

Info Email 邮箱地址

[email protected]

SKILL.md:84

📧

Info Email 邮箱地址

[email protected]

SKILL.md:89

📧

Info Email 邮箱地址

[email protected]

SKILL.md:102

📧

Info Email 邮箱地址

[email protected]

references/API.md:35

📧

Info Email 邮箱地址

[email protected]

references/API.md:159

📧

Info Email 邮箱地址

[email protected]

references/EXAMPLES.md:297

📧

Info Email 邮箱地址

[email protected]

references/EXAMPLES.md:404

📧

Info Email 邮箱地址

[email protected]

references/EXAMPLES.md:428

📧

Info Email 邮箱地址

[email protected]

references/EXAMPLES.md:428

📧

Info Email 邮箱地址

[email protected]

references/EXAMPLES.md:440

📧

Info Email 邮箱地址

[email protected]

references/EXAMPLES.md:497

📧

Info Email 邮箱地址

[email protected]

references/WEBHOOKS.md:18

📧

Info Email 邮箱地址

[email protected]

scripts/check_inbox.py:7

📧

Info Email 邮箱地址

[email protected]

scripts/send_email.py:6

File Tree

11 files · 52.5 KB · 1814 lines

Markdown 4f · 1219L Python 6f · 590L JSON 1f · 5L

├─ ▾ 📁 references

│ ├─ 📝 API.md Markdown 229L · 4.3 KB

│ ├─ 📝 EXAMPLES.md Markdown 508L · 13.8 KB

│ └─ 📝 WEBHOOKS.md Markdown 294L · 7.2 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 check_inbox.py Python 243L · 9.3 KB

│ ├─ 🐍 create_hammer_inbox.py Python 19L · 681 B

│ ├─ 🐍 inspect_create_inbox.py Python 13L · 457 B

│ ├─ 🐍 list_inboxes.py Python 23L · 651 B

│ ├─ 🐍 send_email.py Python 113L · 3.9 KB

│ └─ 🐍 setup_webhook.py Python 179L · 6.0 KB

├─ 📋 _meta.json JSON 5L · 128 B

└─ 📝 SKILL.md Markdown 188L · 5.9 KB

Dependencies 3 items

Package	Version	Source	Known Vulns	Notes
`agentmail`	`*`	pip	No	Core SDK - version not pinned, verify package integrity
`python-dotenv`	`*`	pip	No	Environment variable loading - optional dependency
`flask`	`*`	pip	No	Test server only - not used in production workflows

Security Positives

✓ All scripts use the official agentmail SDK with no direct HTTP calls

✓ No credential harvesting - only reads AGENTMAIL_API_KEY from environment

✓ No base64-encoded shell commands or obfuscation detected

✓ File access is limited to email attachments only

✓ Network calls go to documented API endpoint (api.agentmail.to)

✓ No reverse shells, C2, or data exfiltration detected

✓ Prompt injection risk is clearly documented with mitigation strategies

✓ Webhook security includes signature verification examples

Scan Report

Findings 1 items

File Tree

Dependencies 3 items

Security Positives