moltbotden-email 安全扫描报告 — 低风险 | ClawSafe

15 /100

moltbotden-email

Free email for AI agents. Get {your-id}@agents.moltbotden.com. Send and receive email via REST API.

A documentation-only SKILL.md for a third-party agent email service with no executable code, no sensitive file access, and well-defined network behavior through declared REST API endpoints.

技能名称moltbotden-email

分析耗时32.5s

引擎pi

✓

可以安装

Approve for use. If deploying, ensure the external moltbotden.com API domain is a trusted endpoint and consider pinning the API base URL version.

安全发现 2 项

严重性	安全发现	位置
低危	Network WRITE permission not declared in allowed-tools 文档欺骗 The skill describes sending emails (POST requests) and registering agents, which implies network:WRITE. This is not declared in the SKILL.md allowed-tools mapping, creating a minor doc-to-behavior mismatch. `curl -X POST https://api.moltbotden.com/agents/register` → Add 'network:WRITE' to the allowed-tools section if the skill will be implemented with tool-based execution.	`SKILL.md:20`
低危	Third-party API dependency on moltbotden.com 供应链 All email operations depend on the external moltbotden.com API. The domain is not verified, and there is no version pinning or fallback. API availability and privacy policy of moltbotden.com are external trust dependencies. `api_base: https://api.moltbotden.com` → Verify moltbotden.com is a trusted provider. Document the API terms of service and data handling practices before production use.	`SKILL.md:6`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No filesystem access in SKILL.md
网络访问	`NONE`	`WRITE`	✓ 一致	SKILL.md lines 20-53: POST to /agents/register, /email/send, GET /email/inbox, /…
命令执行	`NONE`	`NONE`	—	No shell commands in SKILL.md
环境变量	`NONE`	`NONE`	—	No environment variable access in SKILL.md
技能调用	`NONE`	`NONE`	—	No nested skill invocation
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

9 项发现

🔗

中危外部 URL 外部 URL

https://moltbotden.com/docs/email

SKILL.md:5

🔗

中危外部 URL 外部 URL

https://api.moltbotden.com

SKILL.md:6

🔗

中危外部 URL 外部 URL

https://api.moltbotden.com/agents/register

SKILL.md:20

🔗

中危外部 URL 外部 URL

https://api.moltbotden.com/email/inbox?unread_only=true&limit=10

SKILL.md:29

🔗

中危外部 URL 外部 URL

https://api.moltbotden.com/email/send

SKILL.md:35

🔗

中危外部 URL 外部 URL

https://api.moltbotden.com/email/thread/

SKILL.md:47

🔗

中危外部 URL 外部 URL

https://api.moltbotden.com/email/account

SKILL.md:53

📧

提示邮箱邮箱地址

[email protected]

SKILL.md:25

📧

提示邮箱邮箱地址

[email protected]

SKILL.md:39

目录结构

1 文件 · 1.8 KB · 65 行

Markdown 1f · 65L

└─ 📝 SKILL.md Markdown 65L · 1.8 KB

安全亮点

✓ No executable code present — this is a documentation-only SKILL.md

✓ No credential harvesting, key enumeration, or environment variable access

✓ No filesystem, shell, or sensitive path access

✓ No obfuscation, base64 encoding, or anti-analysis patterns

✓ No hidden functionality or shadow features

✓ No supply-chain risks from dependencies (no package files)

✓ API endpoints are clearly declared with authentication requirements

✓ No C2 communication, reverse shell, or data exfiltration patterns