temporam-temp-mail Security Report — Trusted | ClawSafe

0 /100

temporam-temp-mail

Temporary email receiving functionality using the Temporam API — generates disposable email addresses, lists emails, and retrieves email content

This is a legitimate temporary email utility skill that communicates exclusively with the declared Temporam API. No hidden functionality, credential theft, code execution, or data exfiltration was found.

Skill Nametemporam-temp-mail

Duration25.6s

Enginepi

✓

Safe to install

No action needed. The skill is safe to use.

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	mcp_server.py:10 'BASE_URL = https://api.temporam.com/v1'; scripts/client.py:7 '…
Environment	`READ`	`READ`	✓ Aligned	mcp_server.py:11 'API_KEY = os.environ.get("TEMPORAM_API_KEY")'; scripts/client.…
Filesystem	`NONE`	`NONE`	—	No file read/write operations found in mcp_server.py or scripts/client.py
Shell	`NONE`	`NONE`	—	No subprocess, os.system, or shell execution calls found

1 High 6 findings

🔑

High API Key 疑似硬编码凭证

API_KEY="your_api_key_here"

README.md:43

🔗

Medium External URL 外部 URL

https://keepachangelog.com/

CHANGELOG.md:5

🔗

Medium External URL 外部 URL

https://semver.org/

CHANGELOG.md:5

🔗

Medium External URL 外部 URL

https://www.temporam.com/docs/api-reference

README.md:3

🔗

Medium External URL 外部 URL

https://api.temporam.com/v1

mcp_server.py:10

📧

Info Email 邮箱地址

[email protected]

references/api_reference.md:53

File Tree

9 files · 18.8 KB · 601 lines

Markdown 4f · 279L Python 2f · 147L YAML 1f · 114L JSON 2f · 61L

├─ ▾ 📁 references

│ └─ 📝 api_reference.md Markdown 84L · 2.5 KB

├─ ▾ 📁 scripts

│ └─ 🐍 client.py Python 97L · 4.0 KB

├─ 📝 CHANGELOG.md Markdown 15L · 590 B

├─ 📋 clawhub.json JSON 12L · 744 B

├─ 🐍 mcp_server.py Python 50L · 1.5 KB

├─ 📋 openapi.yaml YAML 114L · 2.9 KB

├─ 📝 README.md Markdown 80L · 1.9 KB

├─ 📝 SKILL.md Markdown 100L · 3.5 KB

└─ 📋 tool_definition.json JSON 49L · 1.1 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`requests`	`unspecified`	pip	No	Standard HTTP library, no version pinning in docs but no malicious usage observed
`mcp`	`unspecified`	pip	No	Model Context Protocol library from FastMCP, no version pinning in docs but no malicious usage observed

Security Positives

✓ All network requests go exclusively to the declared https://api.temporam.com/v1 endpoint

✓ API key is handled exclusively through environment variables with proper validation

✓ No filesystem access, shell execution, or sensitive path traversal

✓ No obfuscation (no base64, eval, or dynamic code generation)

✓ No credential harvesting or environment variable enumeration

✓ No hidden functionality — code exactly matches documented behavior

✓ Dependencies (requests, mcp) are well-established libraries with no malicious indicators

✓ No supply chain risks detected in the codebase

Scan Report

File Tree

Dependencies 2 items

Security Positives