ClawHub

Mail Skill

Security checks across malware telemetry and agentic risk

Overview

This mail skill appears purpose-built for email integration, but it needs Review because it can read, send, move, and delete mail while using broad triggers and an unpinned automatic installer.

Install only if you trust the mail-mcp upstream project and are comfortable giving it access to your mailbox. Prefer an app-specific password or dedicated mailbox, pin or review the dependency before installing, and require manual confirmation before sending, forwarding, deleting, moving, or changing folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes very broad terms such as “mail”, “email”, and “附件”, which can cause the skill to activate in many ordinary contexts where the user did not intend to invoke email tooling. Because this skill can send mail and manipulate folders/messages, unintended activation increases the chance of privacy exposure or accidental destructive actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises deletion, move, copy, and folder management capabilities but does not warn users that these operations may be destructive or irreversible. In an agent setting, missing safety warnings can lead to accidental mailbox modification or data loss if the skill is invoked without clear user confirmation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes sending email, HTML content, and attachments through external IMAP/SMTP infrastructure but does not warn users that message bodies, recipients, and attachments will be transmitted to third-party mail servers. This omission creates a real privacy and data-handling risk, especially if users provide sensitive content assuming processing is local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script installs a package directly from a GitHub repository using pip with --break-system-packages and does so automatically if the command is missing, without warning or confirmation. This can alter the system Python environment, bypass distribution package protections, and increase supply-chain risk because code is pulled from a live VCS source rather than a pinned, verified release.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal