ClawHub

Gmail Checker

Security checks across malware telemetry and agentic risk

Overview

This Gmail checker does what it says, using Google OAuth read-only access to summarize unread mail, but its saved credentials must be handled like secrets.

Install only if you are comfortable granting read-only Gmail access. Run setup on a trusted machine, keep <DATA_DIR>/gmail.json private, avoid pasting OAuth secrets into chat or logs, and use the skill only when you explicitly want it to check Gmail.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions while clearly instructing the agent to use network access, shell execution, environment variables, and local file writes for OAuth setup and Gmail access. This mismatch can bypass user or platform expectations about what the skill is allowed to do, increasing the chance of over-privileged execution and unnoticed access to sensitive mailbox data and stored credentials.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation phrases are very broad and map to common conversational requests such as 'Check my emails' or 'Any new mail?', which can cause the skill to trigger implicitly without a clear security boundary. In this context, unintended activation is meaningful because the skill accesses private Gmail content and potentially stored OAuth credentials, so accidental invocation can disclose sensitive information.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The 'When to Use' section repeats ambiguous, everyday email-related requests without defining when the skill should not activate or whether the user means Gmail specifically. Because this skill reads inbox data, weak activation boundaries increase the risk of the agent selecting it for generic email-summary requests and exposing private content from a connected account.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description and setup text do not prominently warn users that the skill will access Gmail data and rely on stored OAuth credentials in a local data directory. That omission weakens informed consent and can cause users to authorize or reuse credentials without understanding that mailbox contents and tokens are being accessed and persisted on disk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup guide tells the agent to ask the user for an OAuth Client ID and Client Secret without any guidance that these are sensitive credentials or that they should not be retained, logged, or exposed beyond the setup flow. In an agent context, asking users to paste secrets into chat can normalize unsafe secret handling and may leak the OAuth client secret into conversation history, telemetry, or downstream tools.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal