Scan Report
0 /100
agentmail
API-first email platform for AI agents — create/manage inboxes, send/receive emails, webhooks
AgentMail is a legitimate API-first email service skill with no malicious behavior detected. All capabilities are declared, documented, and consistent with its stated purpose of programmatic email management.
Safe to install
No action needed. The skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | All HTTP calls go to api.agentmail.to REST endpoints |
| Environment | READ | READ | ✓ Aligned | AGENTMAIL_API_KEY read via os.getenv() in all scripts |
| Filesystem | NONE | READ | ✓ Aligned | send_email.py:81 reads attachment files for encoding; documented and necessary |
| Shell | NONE | NONE | — | No subprocess calls in any script |
| Skill Invoke | NONE | NONE | — | No cross-skill invocations |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No direct database access |
25 findings
Medium External URL 外部 URL
https://console.agentmail.to SKILL.md:20 Medium External URL 外部 URL
https://your-domain.com/webhook SKILL.md:75 Medium External URL 外部 URL
https://api.agentmail.to/v0 references/API.md:3 Medium External URL 外部 URL
https://your-app.com/webhook/support references/EXAMPLES.md:69 Medium External URL 外部 URL
https://your-app.com/webhook/tasks references/EXAMPLES.md:225 Medium External URL 外部 URL
https://your-app.com/tasks/ references/EXAMPLES.md:306 Medium External URL 外部 URL
https://ngrok.com/ references/WEBHOOKS.md:87 Medium External URL 外部 URL
https://abc123.ngrok-free.app references/WEBHOOKS.md:136 Medium External URL 外部 URL
https://abc123.ngrok-free.app/webhook references/WEBHOOKS.md:151 Medium External URL 外部 URL
https://myapp.com/webhook scripts/setup_webhook.py:7 Info Email 邮箱地址
[email protected] SKILL.md:36 Info Email 邮箱地址
[email protected] SKILL.md:84 Info Email 邮箱地址
[email protected] SKILL.md:89 Info Email 邮箱地址
[email protected] SKILL.md:102 Info Email 邮箱地址
[email protected] references/API.md:35 Info Email 邮箱地址
[email protected] references/API.md:159 Info Email 邮箱地址
[email protected] references/EXAMPLES.md:297 Info Email 邮箱地址
[email protected] references/EXAMPLES.md:404 Info Email 邮箱地址
[email protected] references/EXAMPLES.md:428 Info Email 邮箱地址
[email protected] references/EXAMPLES.md:428 Info Email 邮箱地址
[email protected] references/EXAMPLES.md:440 Info Email 邮箱地址
[email protected] references/EXAMPLES.md:497 Info Email 邮箱地址
[email protected] references/WEBHOOKS.md:18 Info Email 邮箱地址
[email protected] scripts/check_inbox.py:7 Info Email 邮箱地址
[email protected] scripts/send_email.py:6 File Tree
8 files · 49.0 KB · 1729 lines Markdown 4f · 1219L
Python 3f · 505L
JSON 1f · 5L
├─
▾
references
│ ├─
API.md
Markdown
│ ├─
EXAMPLES.md
Markdown
│ └─
WEBHOOKS.md
Markdown
├─
▾
scripts
│ ├─
check_inbox.py
Python
│ ├─
send_email.py
Python
│ └─
setup_webhook.py
Python
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
agentmail | unpinned | pip | No | Python SDK installed via pip; version not pinned in SKILL.md install instruction |
flask | unpinned | pip | No | Optional dev dependency for webhook test server only |
Security Positives
✓ No subprocess or shell execution — all operations use the agentmail SDK
✓ No credential exfiltration — AGENTMAIL_API_KEY is read only to initialize the SDK client
✓ No sensitive file access — no reads of ~/.ssh, ~/.aws, .env, or similar paths
✓ No obfuscation — no base64, eval, or encoded payloads
✓ No external IP connections — all API calls go to api.agentmail.to (documented service)
✓ No curl|bash or wget|sh remote script execution
✓ No hidden functionality — code matches SKILL.md documentation
✓ Proactive prompt injection awareness — SKILL.md documents webhook-based prompt injection risks and recommends Clawdbot allowlist filters
✓ Well-structured scripts with proper error handling and dependency checks
✓ Local webhook test server (Flask on localhost:3000) is development-only and clearly scoped