caduceusmail

The material describes a high-risk OpenClaw skill with capabilities to inject secrets into runtime, perform admin-level operations, and optionally fetch/execute external scripts with persistence options. While no explicit malicious code is shown, the design presents substantial security risks and potential attack surfaces suitable for supply-chain abuse if misused or exposed to adversaries. A thorough, code-level review is essential to verify secret handling, external script loading controls, privilege boundaries, and integrity safeguards.

SUSPICIOUS: the skill is internally coherent for Microsoft/Cloudflare mail operations, but it grants an AI agent high-privilege control over identity, DNS, and outbound email. No clear credential-exfiltration path is shown, yet the combination of broad secrets, optional secret persistence, and messaging automation creates high abuse risk disproportionate to many normal skills.