Medium Risk
"Email writing assistant. 邮件写作、邮件助手、商务邮件、business email、英文邮件、English email、求职邮件、job application email、跟进邮件、follow-up email、冷启动邮件、cold email、道歉邮件、apology email、回复邮件、reply email、邮件模板、email template、外贸邮件、催款邮件、感谢邮件、邀请邮件、通知邮件、邮件序列、email sequence、邮件主题行、subject line、高打开率、拒绝邮件、decline email。Generate business, follow-up, cold outreach, apology, reply emails, email sequences (sales/cooperation/collection/recruitment), template library (thanks/notice/invitation/decline/collection), and high-open-rate subject lines. Use when: (1) writing business/professional emails, (2) crafting follow-up emails, (3) writing cold outreach emails, (4) composing apology emails, (5) replying to emails with appropriate tone, (6) creating email sequences for sales or recruitment, (7) generating email templates for common scenarios, (8) writing high-open-rate subject lines, (9) any email writing task in Chinese or English. 适用场景:写商务邮件、跟进邮件、冷启动邮件、道歉邮件、回复邮件、邮件序列、邮件模板库、主题行优化。中英双语支持。 Triggers on: email writer."
H:3 D:3 A:0 C:1
⚠️ Hazard Flags
EXEC FS_READ_USER NET_EGRESS_ANY CREDS_ENV CREDS_FILES PI_WEB
📋 Capabilities
Execution
- ✅ Shell execution
- ❌ Code execution
- ❌ Install dependencies
- ❌ Persistence
- Privilege: user
Filesystem
- ❌ Read workspace
- ❌ Write workspace
- ✅ Read home
- ❌ Write home
- ❌ Read system
- ❌ Delete
Network
- Egress: any
- ❌ Ingress
Credentials
- ✅ Environment vars
- ✅ Credential files
- ❌ Browser data
- ❌ Keychain
Actions
❌ send messages❌ post public❌ purchase❌ transfer money❌ deploy❌ delete external
🔒 Containment
Level: elevated
Required:
- SANDBOX_CONTAINER: Code execution capability
Recommended:
- LOG_ACTIONS: Audit trail for all actions
⚡ Risks
Unauthorized tool use: MCP_SYS_CRITICAL_ACCESS high
Mitigation: Avoid accessing system directories unless absolutely necessary.
Social engineering indicators: SOCIAL_ENG_VAGUE_DESCRIPTION low
Mitigation: Provide clear, detailed description of skill functionality
Want a deeper analysis?
This report was generated by static analysis. Get an LLM-powered deep review with behavioral reasoning and attack surface mapping.
🧠 Deep Analysis — $5.00🚨 Incident Response
Kill switch: Stop the agent process
Containment: Review logs for unexpected actions
Recovery: Depends on skill capabilities
📄 Raw SSDS JSON click to expand
{
"meta": {
"document_id": "ssds:auto:email-writer:2.3.3",
"ssds_version": "0.2.0",
"scanner_version": "0.4.0+fe6fd9123d50",
"created_at": "2026-03-16T13:50:57.410Z",
"created_by": {
"agent": "safeagentskills-cli/generate-ssds"
},
"language": "en",
"notes": "Auto-generated SSDS. Manual review recommended."
},
"skill": {
"name": "Email Writer",
"version": "2.3.3",
"format": "agent_skill",
"description": "\"Email writing assistant. 邮件写作、邮件助手、商务邮件、business email、英文邮件、English email、求职邮件、job application email、跟进邮件、follow-up email、冷启动邮件、cold email、道歉邮件、apology email、回复邮件、reply email、邮件模板、email template、外贸邮件、催款邮件、感谢邮件、邀请邮件、通知邮件、邮件序列、email sequence、邮件主题行、subject line、高打开率、拒绝邮件、decline email。Generate business, follow-up, cold outreach, apology, reply emails, email sequences (sales/cooperation/collection/recruitment), template library (thanks/notice/invitation/decline/collection), and high-open-rate subject lines. Use when: (1) writing business/professional emails, (2) crafting follow-up emails, (3) writing cold outreach emails, (4) composing apology emails, (5) replying to emails with appropriate tone, (6) creating email sequences for sales or recruitment, (7) generating email templates for common scenarios, (8) writing high-open-rate subject lines, (9) any email writing task in Chinese or English. 适用场景:写商务邮件、跟进邮件、冷启动邮件、道歉邮件、回复邮件、邮件序列、邮件模板库、主题行优化。中英双语支持。 Triggers on: email writer.\"",
"publisher": "ClawHub",
"source": {
"channel": "clawhub",
"slug": "email-writer",
"owner": "bytesagain",
"downloads": 259,
"stars": 1
},
"artifact": {
"sha256": "ae816d92c1224b855138dea53158aab4cc52897d7df1fd73cfd06c35ec281329",
"hash_method": "files_sorted"
}
},
"capabilities": {
"execution": {
"can_exec_shell": true,
"can_exec_code": false,
"privilege_level": "user",
"can_install_deps": false,
"can_persist": false
},
"filesystem": {
"reads_workspace": false,
"reads_user_home": true,
"reads_system": false,
"writes_workspace": false,
"writes_user_home": false,
"writes_system": false,
"can_delete": false
},
"network": {
"egress": "any",
"ingress": false
},
"credentials": {
"reads_env_vars": true,
"reads_credential_files": true,
"reads_browser_data": false,
"reads_keychain": false
},
"services": [],
"actions": {
"can_send_messages": false,
"can_post_public": false,
"can_purchase": false,
"can_transfer_money": false,
"can_deploy": false,
"can_delete_external": false
},
"prompt_injection_surfaces": [
"web"
],
"content_types": [
"general"
]
},
"hazards": {
"hdac": {
"H": 3,
"D": 3,
"A": 0,
"C": 1
},
"flags": [
"EXEC",
"FS_READ_USER",
"NET_EGRESS_ANY",
"CREDS_ENV",
"CREDS_FILES",
"PI_WEB"
],
"custom_flags": [
{
"code": "TOOL_ABUSE",
"name": "Unauthorized Tool Use",
"description": "MCP_SYS_CRITICAL_ACCESS: Access to critical system directories"
},
{
"code": "SOCIAL_ENGINEERING",
"name": "Social Engineering Risk",
"description": "SOCIAL_ENG_VAGUE_DESCRIPTION: Skill description is too vague or missing"
}
],
"confidence": {
"level": "medium",
"basis": [
"static_analysis"
],
"notes": "Detected 2 security patterns (3 vendored rule hits). Review recommended."
},
"rationale": {
"H": "H3: Shell/code execution or persistence detected",
"D": "D3: Credential access detected",
"A": "A0: No side effects detected",
"C": "C1: General content"
}
},
"containment": {
"level": "elevated",
"required": [
{
"control": "SANDBOX_CONTAINER",
"reason": "Code execution capability"
}
],
"recommended": [
{
"control": "LOG_ACTIONS",
"reason": "Audit trail for all actions"
}
],
"uncontained_risk": "Risk level depends on manual review of actual capabilities."
},
"risks": {
"risks": [
{
"risk": "Unauthorized tool use: MCP_SYS_CRITICAL_ACCESS",
"severity": "high",
"mitigation": "Avoid accessing system directories unless absolutely necessary."
},
{
"risk": "Social engineering indicators: SOCIAL_ENG_VAGUE_DESCRIPTION",
"severity": "low",
"mitigation": "Provide clear, detailed description of skill functionality"
}
],
"limitations": [
"Static analysis only - runtime behavior not verified"
]
},
"incident_response": {
"kill_switch": [
"Stop the agent process"
],
"containment": [
"Review logs for unexpected actions"
],
"recovery": [
"Depends on skill capabilities"
]
},
"evidence": [
{
"evidence_id": "EV:file-1",
"type": "file_excerpt",
"title": "_meta.json",
"file_path": "_meta.json"
},
{
"evidence_id": "EV:file-2",
"type": "file_excerpt",
"title": "SKILL.md",
"file_path": "SKILL.md"
},
{
"evidence_id": "EV:file-3",
"type": "file_excerpt",
"title": "scripts/script.sh",
"file_path": "scripts/script.sh"
},
{
"evidence_id": "EV:file-4",
"type": "file_excerpt",
"title": "scripts/email.sh",
"file_path": "scripts/email.sh"
},
{
"evidence_id": "EV:cisco-1",
"type": "file_excerpt",
"title": "SOCIAL_ENG_VAGUE_DESCRIPTION [LOW] SKILL.md:1: ---",
"file_path": "SKILL.md"
},
{
"evidence_id": "EV:cisco-2",
"type": "file_excerpt",
"title": "MCP_SYS_CRITICAL_ACCESS [HIGH] scripts/script.sh:1: #!/usr/bin/env bash",
"file_path": "scripts/script.sh"
},
{
"evidence_id": "EV:cisco-3",
"type": "file_excerpt",
"title": "MCP_SYS_CRITICAL_ACCESS [HIGH] scripts/email.sh:1: #!/usr/bin/env bash",
"file_path": "scripts/email.sh"
}
]
}