Crinkl Claws

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed receipt-verification workflow, but users should understand it sends raw billing emails to Crinkl and keeps a reusable API key.

Install only if you are comfortable letting an agent periodically find recent billing emails and send the full raw receipt messages to Crinkl for verification. Prefer the dedicated AgentMail inbox if you do not want access to your main Gmail account, and revoke the Crinkl API key or clear stored message IDs when you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill instructs the agent to obtain, store, and persist a reusable API credential (`CRINKL_API_KEY`) and explicitly says to keep it for future cycles, but it does not require secure secret storage, scope restriction, rotation guidance, or explicit user consent for ongoing use. A leaked or mishandled key could let another party impersonate the agent to query account-linked data or submit receipts against the user's wallet context.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill directs the agent to search a user's Gmail or AgentMail for billing emails and retrieve raw RFC 2822 messages, which can contain sensitive personal and financial data far beyond receipt totals. Although it narrows searches to vendor domains and recent messages, it still authorizes broad access to inbox contents without an explicit privacy notice, clear consent checkpoint, or data minimization requirement.

Missing User Warnings

Severity: High
Confidence: 95%
Finding:
The skill instructs the agent to transmit full base64-encoded raw emails to an external service along with an account-linked API key, which exposes complete message contents, headers, addresses, and potentially unrelated sensitive data to a third party. This is especially risky because the transfer is automated each cycle and the user is not explicitly warned that full raw emails—not just extracted receipt fields—will be sent off-platform.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The manifest trigger list includes broad, common phrases such as 'receipt', 'billing email', 'lightning', and 'passive income', which can cause the skill to activate in unrelated conversations. Because this skill can lead to access to email data and external service interaction, unintended invocation increases the chance of unnecessary exposure of sensitive billing messages or user confusion about what is being authorized.

VirusTotal

66/66 vendors flagged this skill as clean.