Outlook-email

Security checks across malware telemetry and agentic risk

Overview

The skill describes a plausible Outlook email client, but it asks users to grant mailbox access and install unreviewed external code that is not included in the package.

Review the external CLI source before installing or granting Microsoft account access. Use a dedicated Azure app registration with the narrowest available permissions, test with a non-production mailbox first, confirm recipients and message bodies before any send or reply action, and revoke/delete stored tokens when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 89% confidence
Finding
The README explicitly documents commands that send and reply to emails, which are external and irreversible actions, but it does not clearly warn users that these operations will transmit real messages through Microsoft Graph. In an agent/skill context, missing confirmation and warning language increases the chance of unintended outbound email, accidental disclosure, or unauthorized communications if the skill is invoked carelessly or by another automated component.

Missing User Warnings

Medium, 92% confidence
Finding
The skill exposes commands that can send and reply to real emails through Microsoft Graph, but the user-facing description/examples do not prominently warn that these actions affect a live mailbox. In an agent setting, this can lead to unintended outbound communication, data disclosure, or reputational harm if a user or automation invokes the commands assuming they are read-only or simulated.

VirusTotal

66/66 vendors flagged this skill as clean.
