Trusted: risk score 10/100
Last scanned: 1 day ago
osascript-email
Send emails on macOS via AppleScript (osascript) using Mail.app — no SMTP credentials, passwords, or API keys required.
A legitimate macOS email automation skill using osascript/Mail.app; no malicious behavior, credential access, or hidden functionality detected.
Skill name: osascript-email
Analysis time: 40.8s
Engine: pi
Safe to install
No action needed. This skill is safe to use for its documented purpose of sending emails via macOS Mail.app.

Security findings: 1

Severity: Low
Finding: Shell execution capability implied but not explicitly declared
Category: Documentation deception
SKILL.md uses Bash/heredoc code blocks showing osascript execution, which implicitly declares shell:WRITE capability, but does not explicitly list it in a capabilities section. This is a minor documentation clarity issue.
osascript << 'APPLESCRIPT'
→ Add a 'Capabilities' or 'Required Permissions' section to SKILL.md explicitly listing shell:WRITE for osascript execution.
Location: SKILL.md:15
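| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | NONE | NONE | | No file read/write operations in send_email.py; file attachment feature only use… |
| Network access | NONE | NONE | | No direct network calls; Mail.app handles all network/SMTP communication |
| Command execution | NONE | WRITE | ✓ Consistent | scripts/send_email.py:44 uses subprocess.run to execute osascript; SKILL.md show… |
| Environment variables | NONE | NONE | | No access to os.environ in any file |
| Skill invocation | NONE | NONE | | No nested skill invocations |
| Clipboard | NONE | NONE | | No clipboard access |
| Browser | NONE | NONE | | No browser access |
| Database | NONE | NONE | | No database access |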
1 finding
Info (Email): email address
[email protected]
SKILL.md:55

Directory structure

3 files · 7.0 KB · 202 lines
Markdown 2f · 136L Python 1f · 66L
├─ 📁 references
│ └─ 📝 attachments.md Markdown 46L · 1.6 KB
├─ 📁 scripts
│ └─ 🐍 send_email.py Python 66L · 1.9 KB
└─ 📝 SKILL.md Markdown 90L · 3.6 KB

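Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| subprocess | stdlib | Python standard library | | No external dependencies; only stdlib subprocess is used |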

Security highlights

✓ No credential harvesting or environment variable access
✓ No data exfiltration beyond the user-provided email content
✓ No obfuscation (no base64, no eval, no encoded strings)
✓ No remote code download or curl|bash patterns
✓ No sensitive file access (~/.ssh, ~/.aws, .env, etc.)
✓ No hidden functionality — all behavior is documented in SKILL.md
✓ Mail.app authentication is handled entirely by the OS, not by the script
✓ No supply chain risks — no external dependencies (only Python stdlib subprocess)
✓ Sender address is constrained to Mail.app-configured accounts — cannot spoof arbitrary addresses
✓ attachments.md is purely reference documentation with no executable code