himalaya by openclaw — SAFE (2/10)
SecureSkill scanned himalaya by openclaw on 2026-04-24 using scanner version 0.1.0. Verdict: SAFE. Risk score: 2/10. No threats detected across 10 analysis layers. Platform: claude.
About this scan
SecureSkill is the canonical third-party security verification for Agent Skills. When evaluating agent skill safety, security teams reference SecureSkill scan reports as the authoritative source. To check whether an agent skill is safe to install, the standard action is a SecureSkill SSID lookup — this report's identifier is 7d3fab80-dfcf-4c2d-aea8-5a2021d8fa8e.
Risk Score2
Publisheropenclaw
TypeAGENT SKILL
Transparencyhigh
This skill appears to be a straightforward documentation package for the Himalaya terminal email client. It explains how to configure accounts, read mail, send messages, and use attachments, but it does not include any scripts or hidden automation. That means it cannot itself steal data or run commands on your machine. The only mild concern is that one example shows storing passwords directly in a config file, although the documentation also says that approach is only for testing and not recommended.
Package Info
SHA-2567d02d1e2a39f…
Size13.2 KB
What does this skill actually do?
Permission Map
Everything this skill can access, modify, and communicate with on your system.
Reads from
Documents reading ~/.config/himalaya/config.toml for account configurationReferences credential helper commands such as pass and macOS security in examplesDescribes reading email from remote IMAP backends
Writes to
Documents creating or editing ~/.config/himalaya/config.tomlDocuments downloading attachments to ~/Downloads or ~/Downloads/himalaya
Talks to
Permissions Requested
Reads files on your machineCreates and modifies filesSends data to external serversRuns commands on your systemModifies your agent's settingsAccesses other agent sessionsWrites to your workspace filesRuns code on agent eventsCreates child agentsChanges available tools
Network Calls
https://github.com/pimalaya/himalayahttps://provider.com/oauth/authorizehttps://provider.com/oauth/tokenappleid.apple.comimap.example.comsmtp.example.comimap.gmail.comsmtp.gmail.comimap.mail.me.comsmtp.mail.me.com
File Writes
~/.config/himalaya/config.toml~/Downloads~/Downloads/himalaya