MS Outlook + Teams Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill reads Outlook and optional Teams messages to create reminders and drafts, and its sensitive behavior is mostly disclosed and aligned with that purpose.

Install only if you are comfortable letting it inspect recent Outlook mail and, if enabled, Teams chats. Use minimal Graph scopes, protect or delete the state and thread JSON files, avoid shared Telegram targets for confidential work messages, and review the configured reminder destination before running nagging workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium (95% confidence)
Finding
The skill routes reminder content derived from Outlook and optionally Teams into Telegram by default, but the description does not prominently warn that message subjects, senders, timestamps, or other sensitive workplace metadata may be transmitted to a third-party messaging service. This creates a meaningful privacy and compliance risk, especially in enterprise environments where mailbox and chat content may be regulated or confidential.

Missing User Warnings

Medium (88% confidence)
Finding
The script exports subject, sender details, recipients, and up to 8000 characters of the email body into a local JSON file without any explicit consent prompt, warning, or protective handling. In the context of an Outlook/Teams assistant, this can expose sensitive corporate or personal communications to disk where other local users, backup systems, logging pipelines, or other tools may access them unintentionally.

Missing User Warnings

Medium (87% confidence)
Finding
This script retrieves recent Teams messages, sender identifiers, mentions, and previews, then emits them as JSON to stdout. In a monitoring/reminder skill, that behavior is functional, but it still creates a data-exposure risk because sensitive chat content and metadata can be exported, logged, piped to other tools, or stored without any minimization, consent prompt, or warning to the user.

VirusTotal

65/65 vendors flagged this skill as clean.
