At Email Cli

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward email CLI helper, but it can read and change a mailbox and send messages, so users should review email actions before use.

Install only if you intend to let the agent operate this AgentTeam mailbox. Treat the mailbox tokens like passwords, avoid printing them, confirm recipients and message bodies before sending or replying, and prefer pinned or verified CLI versions when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 81%
Finding
The skill’s activation scope is broad enough to trigger on many general email-related requests, which can cause the agent to invoke mailbox operations more often than necessary. In a security-sensitive context, over-broad activation increases the chance of unintended access to message metadata or content when a narrower skill or a clarifying question would have been safer.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill instructs the agent how to send and reply to email but does not explicitly warn that message body content and recipient data will be transmitted to an external mail system. Without a clear user-consent step, the agent may forward sensitive information or contact unintended recipients based on ambiguous prompts.

Missing User Warnings

Medium
Confidence: 91%
Finding
The installation/update section directs the agent to execute packages via npx/npm or download binaries from releases, but it lacks a strong warning that this fetches and runs remote code. That creates a software supply-chain risk, especially if the package, dependency chain, or downloaded artifact is compromised.

VirusTotal

63/63 vendors flagged this skill as clean.
