Security audit

Openclaw

Security checks across malware telemetry and agentic risk

Overview

This is a coherent hosted email API skill, but it gives agents sensitive mailbox, 2FA, account-registration, payment, webhook-secret, and DNS-changing abilities without enough user-control safeguards.

Install only if you intend to let an agent operate an external mailbox through AgenticBoxes. Use least-privilege API keys, avoid routing secrets or 2FA/account-recovery mail unless explicitly approved, and require human confirmation for account creation, payments, credit top-ups, outbound outreach, webhook-secret handling, box deletion, and DNS changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly routes email sending and receiving through a third-party hosted API but does not clearly warn users that message bodies, attachments, addresses, and related metadata will leave the local environment and be processed by that service. This can lead agents or operators to transmit sensitive content without informed consent, especially because the skill encourages use for sign-ups, 2FA codes, and third-party account workflows.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The documentation tells the agent to retrieve the webhook signing secret via `GET /account/webhook` but does not warn that this returns credential material that must not be logged, echoed, or exposed to untrusted components. If mishandled, an attacker who obtains the secret could forge webhook signatures and spoof trusted events.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
(`register` or `byo_delegated`), edit the Route 53 zone agenticboxes hosts:

- `GET /domain/dns` — list records.
- `POST` / `PUT` / `DELETE /domain/dns` — add / change / remove a record. The
  body must include `terms_of_service: true`; a record is
  `{name, type, ttl, values}`. The records carrying your agent email are
  reserved read-only.
Confidence
73% confidence
Finding
DELETE /domain/dns`

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.