ClawHub

Gmail Label Routing

Security checks across malware telemetry and agentic risk

Overview

This Gmail helper has a clear purpose, but it can make persistent Gmail routing changes and replace existing filters, so it should be reviewed before install.

Install only if you want an agent to manage Gmail labels, filters, and existing matching messages for your account. Use --dry-run first, confirm the exact senders and label, decide whether messages should leave INBOX, and avoid --replace-sender-filters unless you are comfortable losing existing routing rules for that sender.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to run a local Python workflow with shell execution, file access, and Gmail network operations, yet it declares no permissions or constraints. This creates a capability-transparency gap: an agent or reviewer may treat it as low-risk while it can modify mailbox state, access local OAuth material, and make networked API calls.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The invocation text uses broad natural-language triggers like 'hazlo para varios remitentes' and 'haz lo mismo', which can overlap with ordinary conversation and cause accidental invocation. In this skill, accidental activation is more dangerous because the workflow performs real Gmail modifications, including retroactive relabeling and inbox removal.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The example shows a destructive/behavior-changing option that replaces existing sender filters without warning about side effects, which can silently alter a user's Gmail routing rules. In this skill's context, the command is intended to manage mailbox organization, so the danger is not code execution but unintended loss of visibility, misrouting of mail, or overwriting previously configured filters if the example is copied blindly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal