himalaya
CLI to manage emails via IMAP/SMTP. Use `himalaya` to list, read, write, reply, forward, search, and organize emails from the terminal. Supports multiple accounts and message composition with MML (MIME Meta Language).
Potentially suspicious implementation signals detected: password.
โ๏ธ Quick review
No runtime postcard yet for this skill. Static evidence is available below, but the runtime lane has not touched it yet.
Before you install
- You are specifically looking for general / unreviewed workflows.
- Expect setup work: this skill references 11 env vars.
- Assume outside service calls are part of the story: 3 external domain references showed up.
- Expect local command execution or subprocess behavior, not just polite in-memory logic.
- Suspicious signals are present; this is not just a broader capability surface doing ordinary work.
- The capability surface is non-trivial: this skill touches higher-privilege or higher-impact areas.
- No runtime verdict yet, so you are leaning harder on static evidence and documentation quality.
Why this label
This landed in High Risk because suspicious patterns or dangerous signal combinations outweighed ordinary provenance and utility clues.
Uncertainty: Confidence is capped here because this entry relies more on metadata and heuristics than direct source evidence.
Capability surface and suspicious signals
Capability surface
These increase access or impact, but they are not the same thing as deceptive or malicious behavior.
Capability summary
+ 2 more
Suspicious behaviors
These are the signals that count much more heavily against the score.
Evidence
+ 8 more
Read this section in two layers: capability surface shows what the skill can touch, while suspicious signals show what looks deceptive or riskier than ordinary integrations.
๐งช Technical runtime details
No runtime suite recorded yet for this skill.
Publisher and provenance
Bundled with the local OpenClaw installation. That improves provenance clarity, but it does not eliminate privilege or external-action risk.
Source type: local-skill-dir
Source path: /home/claw1/.npm-global/lib/node_modules/openclaw/skills/himalaya
Manual review
No human review yet. The scorecard is currently static-analysis-first.
Community signals
Community signals
These are community attention markers, not crowd-sourced truth. Click what feels especially worth flagging or reviewing.
Related skills
model-usage
Use CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trigger when asked for model-level usage/cost data from codexbar, or when you need a scriptable per-model summary from codexbar cost JSON.
video-frames
Extract frames or short clips from videos using ffmpeg.
skill-creator
Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".