🟡 Medium Risk | Audited: Feb 5, 2026

email-send-skill

Send emails via SMTP using nodemailer. Supports multiple email accounts and address book functionality.

📋 Audit Summary

Author: chaojimct
Category: Messaging
License: MIT
Dependencies: 1 npm package (nodemailer)
Install Command: git clone https://github.com/chaojimct/openclaw-email-send-skill.git

🔍 Security Analysis

⚠️ Network Access

Uses nodemailer to connect to SMTP servers. All SMTP traffic is encrypted (TLS/SSL) based on configuration.

⚠️ Credential Storage

Stores SMTP credentials (passwords, app tokens) in the config.json file. The file is gitignored by default, but the credentials are stored in plaintext locally.

⚠️ Filesystem Access

Reads config.json and contacts.json from disk. Writes are limited to log output only.

✅ No Shell Execution

No child_process or shell execution calls found. Pure Node.js implementation.

📦 Dependencies

  • nodemailer@^6.9.15 - SMTP client library (well-maintained, widely used)

Trust Score: 6.5 / 10
Medium Risk - Use with standard precautions

🎯 Permissions

  • network
  • filesystem
  • credentials

✅ Best Practices

  • Config files gitignored by default
  • Example configs provided
  • No shell execution
  • Well-documented setup

⚠️ Recommendations

  • Use app-specific passwords
  • Secure config file permissions
  • Never commit credentials
  • Consider credential encryption