Agentmail

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AgentMail email-inbox skill, but it gives the agent broad outbound email and service sign-up authority without clear approval boundaries.

Install only if you want the agent to operate AgentMail-owned inboxes and you will supervise outbound messages, forwarding, inbox deletion, service registrations, and verification-code use. Protect the API key, avoid committing the config file, consider pinning or reviewing the MCP package, and treat incoming messages and attachments as untrusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings
Medium (92% confidence)

Finding: The skill explicitly enables autonomous email sending, receiving, and service sign-up flows, including reading verification emails, but provides no privacy, consent, or policy guardrails. In an agent context this can lead to unsolicited outreach, unauthorized account creation, or handling of sensitive communications with no clear boundary at which the user must approve the action. Instructions arriving inside received mail are a particular concern, since nothing stops them from driving those same capabilities.
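One way to impose the missing approval boundary is a policy gate that every outbound or account-affecting action passes through before the agent calls the mailbox API. The following is an added example written for this page; it is not AgentMail's code or API. The action names (send, forward, delete_inbox, signup, read_verification_code, read_inbox), the allowlisted domain example.com and the approval-id scheme are assumptions made for illustration. Privileged actions need a human-issued approval id, sends are limited to allowlisted recipient domains and a per-run budget, and any action whose instruction originated in received mail is refused outright, because inbound content is untrusted.

```python
"""Approval-boundary gate for an agent-operated mailbox (added example, hypothetical API)."""
from __future__ import annotations
from dataclasses import dataclass

# Actions that must never run on the agent's own initiative (hypothetical names).
PRIVILEGED = frozenset({"forward", "delete_inbox", "signup", "read_verification_code"})


@dataclass(frozen=True)
class Policy:
    allowed_recipient_domains: frozenset[str] = frozenset({"example.com"})  # constructed allowlist
    max_sends_per_run: int = 5
    needs_approval: frozenset[str] = PRIVILEGED


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class Gate:
    """Evaluates each proposed mailbox action against the policy and the human approvals on hand."""

    def __init__(self, policy: Policy, approvals=()):
        self.policy = policy
        self.approvals = set(approvals)  # approval ids a human issued for this run
        self.sends = 0

    def check(self, action: str, recipient: str | None = None,
              approval_id: str | None = None, requested_by: str = "user") -> Decision:
        # Instructions found inside received mail or attachments never drive actions,
        # regardless of any approval id they may claim to carry.
        if requested_by == "inbound_message":
            return Decision(False, f"{action} was requested by untrusted inbound content")
        # Forwarding, deletion, sign-ups and verification-code use need explicit approval.
        if action in self.policy.needs_approval and approval_id not in self.approvals:
            return Decision(False, f"{action} requires an explicit human approval id")
        if action == "send":
            if not recipient or "@" not in recipient:
                return Decision(False, "send needs a recipient address")
            domain = recipient.rsplit("@", 1)[1].lower()
            if domain not in self.policy.allowed_recipient_domains:
                return Decision(False, f"recipient domain {domain} is not allowlisted")
            if self.sends >= self.policy.max_sends_per_run:
                return Decision(False, "per-run send budget exhausted")
            self.sends += 1
        return Decision(True, "ok")


if __name__ == "__main__":
    gate = Gate(Policy(), approvals={"apr-42"})
    for call in [dict(action="read_inbox"),
                 dict(action="send", recipient="ops@example.com"),
                 dict(action="send", recipient="victim@other.org"),
                 dict(action="signup"),
                 dict(action="signup", approval_id="apr-42"),
                 dict(action="forward", approval_id="apr-42", requested_by="inbound_message")]:
        print(call, gate.check(**call))
```

The gate is deliberately deny-by-default for the privileged set and for anything traced back to inbound content; widening the recipient allowlist or the send budget is a policy change a human makes, not something the agent can negotiate at run time.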

Missing User Warnings
Medium (89% confidence)

Finding: The setup instructions tell users to paste a live AgentMail API key directly into a local config file, but include no credential-handling precautions: no file-permission hardening, no secret rotation, and no guidance on keeping the file out of source control. This raises the likelihood of credential leakage and, with it, unauthorized access to every mailbox the agent owns.
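The precautions the finding says are missing can be checked and applied mechanically. The following is an added example, not part of AgentMail's setup or tooling. It assumes a JSON config named agentmail.json with an api_key field (both hypothetical), flags a world- or group-readable file, a file not matched by .gitignore and a literal key in the file, then hardens the setup by moving the key into an environment variable referenced as ${AGENTMAIL_API_KEY}, setting mode 0600 and appending the file name to .gitignore. The demo builds a throwaway repository with a constructed key value so it runs offline.

```python
"""Credential-hygiene checks for a local config file holding a live API key (added example)."""
from __future__ import annotations
import fnmatch
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# A value of the form ${NAME} means "read NAME from the environment" (convention assumed here).
ENV_REF = re.compile(r"^\$\{([A-Z_][A-Z0-9_]*)\}$")


def check_permissions(path: Path) -> list[str]:
    """Flag a config file that group or other users can read, write or execute."""
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path.name}: mode {oct(mode)} grants group/other access; expected 0o600"]
    return []


def is_gitignored(repo_root: Path, target: Path) -> bool:
    """Minimal .gitignore matcher: plain names and globs, no negation or directory semantics."""
    ignore = repo_root / ".gitignore"
    if not ignore.exists():
        return False
    rel = target.relative_to(repo_root).as_posix()
    for raw in ignore.read_text().splitlines():
        pat = raw.strip()
        if not pat or pat.startswith("#") or pat.startswith("!"):
            continue
        pat = pat.strip("/")
        if fnmatch.fnmatch(rel, pat) or fnmatch.fnmatch(target.name, pat):
            return True
    return False


def check_config(repo_root: Path, config: Path) -> list[str]:
    """Return the hygiene problems found for one config file (empty list means clean)."""
    findings = check_permissions(config)
    if not is_gitignored(repo_root, config):
        findings.append(f"{config.name}: not matched by .gitignore, so a stray 'git add' commits the key")
    key = json.loads(config.read_text()).get("api_key", "")
    if key and not ENV_REF.match(key):
        findings.append(f"{config.name}: api_key is a literal secret; reference an env var instead")
    return findings


def harden(repo_root: Path, config: Path, env_name: str = "AGENTMAIL_API_KEY") -> str:
    """Move a literal key into the environment, tighten the file mode and gitignore the file.
    Returns the key so the caller can hand it to a secret store or shell profile."""
    data = json.loads(config.read_text())
    key = data.get("api_key", "")
    if key and not ENV_REF.match(key):
        os.environ[env_name] = key
        data["api_key"] = "${" + env_name + "}"
        config.write_text(json.dumps(data))
    os.chmod(config, 0o600)
    if not is_gitignored(repo_root, config):
        with (repo_root / ".gitignore").open("a") as f:
            f.write(config.name + "\n")
    return key


def resolve_api_key(config: Path) -> str:
    """Load the key the way the skill should: dereference ${NAME} from the environment."""
    value = json.loads(config.read_text()).get("api_key", "")
    m = ENV_REF.match(value)
    return os.environ[m.group(1)] if m else value


def demo() -> tuple[list[str], list[str], str]:
    """Build a throwaway repo with a constructed key, check it, harden it, check again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        cfg = root / "agentmail.json"
        cfg.write_text(json.dumps({"api_key": "am_constructed_example_key"}))  # constructed value
        os.chmod(cfg, 0o644)  # the typical default that leaks to other local users
        before = check_config(root, cfg)
        harden(root, cfg)
        after = check_config(root, cfg)
        return before, after, resolve_api_key(cfg)


if __name__ == "__main__":
    before, after, key = demo()
    print("before:", *before, sep="\n  ")
    print("after:", after, "resolved key:", key)
```

Rotation is not something a local script can do; what it can do is make the key's location predictable (one environment variable) so that rotating it touches nothing in the checked-in tree.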

VirusTotal

64/64 vendors reported this skill as clean (no detections).