Trusted — Risk Score 5/100
Last scan: 1 day ago
email-sender-policy
Email sending policy manager; automatically applies UTF-8 encoding, table-to-list conversion, and RFC 822 formatting
Legitimate email formatting and sending skill that performs all documented functions (RFC 2047 encoding, Markdown table conversion, Gmail API integration) without malicious behavior.
Skill Name: email-sender-policy
Duration: 29.6s
Engine: pi
Safe to install
Approve for use. This skill has no security concerns - it reads local files and sends emails via a documented API gateway as declared.

Findings 1 items

Severity | Finding | Location
Low | Dead child_process import (Doc Mismatch) | index.js:215
execSync is imported from child_process but never called. This is dead code that could theoretically be activated, but poses no current risk.
const { execSync } = require('child_process');
→ Remove unused import for cleaner code
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ | ✓ Aligned | index.js:219 - fs.readFileSync(args.file)
Network | NONE | WRITE | ✓ Aligned | index.js:170-183 - POST to gateway.maton.ai for Gmail API
8 findings
Severity | Type | Value | Location
Medium | External URL | https://maton.ai/settings | README.md:41
Medium | External URL | https://ctrl.maton.ai/connections | README.md:43
Medium | External URL | https://gateway.maton.ai/google-mail/gmail/v1/users/me/messages/send | SKILL.md:94
Info | Email address | [email protected] | README.md:54
Info | Email address | [email protected] | README.md:54
Info | Email address | [email protected] | README.md:57
Info | Email address | [email protected] | README.md:60
Info | Email address | [email protected] | README.md:200

File Tree

8 files · 26.0 KB · 997 lines
Markdown 5f · 613L JavaScript 2f · 366L JSON 1f · 18L
├─ 📋 _meta.json JSON 18L · 469 B
├─ 📝 article.md Markdown 56L · 3.3 KB
├─ 📜 index.js JavaScript 320L · 8.3 KB
├─ 📝 README.md Markdown 260L · 5.8 KB
├─ 📝 SKILL.md Markdown 269L · 6.4 KB
├─ 📜 test_format.js JavaScript 46L · 1.1 KB
├─ 📝 test_newsletter.md Markdown 19L · 523 B
└─ 📝 test_table.md Markdown 9L · 213 B

Dependencies 1 items

Package | Version | Source | Known Vulns | Notes
node (runtime) | required | runtime | No | No npm package dependencies - uses native Node.js modules

Security Positives

✓ All functionality declared in SKILL.md is implemented correctly
✓ MATON_API_KEY credential access is declared in _meta.json
✓ No credential exfiltration - API key used only for Gmail API authentication
✓ No base64 decoding piped to shell execution
✓ No suspicious network connections to unknown IPs
✓ No file writes outside of documented behavior
✓ Test mode available to verify format without sending
✓ RFC 2047/822 compliant email formatting