Cross Agent Mailbox

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill describing a local shared-file mailbox between agents. It carries privacy and permissions caveats but shows no hidden or deceptive behavior.

Use this only between trusted local agents. Set owner-only permissions (mode 0700) on ~/.shared-mailbox, keep secrets and sensitive user data out of messages, validate filenames before writing or moving files, and review any cron/watchdog setup before enabling persistent checking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README promotes a shared mailbox implemented as ordinary files in a user-accessible directory, but it does not discuss basic security properties such as file permissions, filename sanitization, race conditions, or confidentiality of messages stored in plaintext. In a multi-agent or multi-process environment, another local process can read, tamper with, overwrite, or replace mailbox files, and unsafe archiving/moving can be abused if filenames or paths are not constrained.
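The three gaps this finding names (permissions, filename sanitization, race conditions) are the same ones the overview asks users to handle. The script below is an added example, not code from the skill or from SkillSpector, showing one way to close them in bash: the mailbox root is created owner-only and verified to be a real directory we own, every lane and message name is validated against a strict character set before it touches a path, and messages are published by writing to a private temp file in the lane and hard-linking it into place, so a concurrent writer can never clobber an existing message and a reader never sees a half-written one. It assumes bash 4+ and coreutils; `MAILBOX_ROOT` is a hypothetical override for the mailbox location that defaults to the skill's `~/.shared-mailbox`. One caveat on the skill's own `mkdir -p ... /{archive}` command: bash only brace-expands a list that contains a comma or a `..` range, so `{archive}` is left literal and a directory actually named `{archive}` is created; the example spells the path out.

```bash
#!/usr/bin/env bash
# Hardened shared-file mailbox (added example; not the skill's or SkillSpector's code).
# Assumes bash 4+, coreutils (mkdir, chmod, mktemp, ln, rm, stat, basename) and
# a single local user running all agents. MAILBOX_ROOT is a hypothetical override;
# it defaults to the skill's ~/.shared-mailbox.
set -u
export LC_ALL=C                            # keep the [A-Za-z0-9] ranges strictly ASCII
: "${MAILBOX_ROOT:=${HOME:-.}/.shared-mailbox}"
LANES="agent-a-to-b agent-b-to-a"

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Lane and message names: one alnum, then alnum/'.'/'_'/'-'. This rejects empty
# names, dotfiles, '/', '..' and shell metacharacters, so a name taken from
# another agent's message can never escape the lane directory.
validate_name() {
  local name="$1"
  case "$name" in ''|.*|*/*|*..*) return 1 ;; esac
  [[ "$name" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]
}

# The root must be a real directory (not a symlink), owned by us, mode 0700.
mailbox_check_root() {
  [ -d "$MAILBOX_ROOT" ] && [ ! -L "$MAILBOX_ROOT" ] && [ -O "$MAILBOX_ROOT" ] || return 1
  [ "$(file_mode "$MAILBOX_ROOT")" = "700" ]
}

# Create root, lanes and archives owner-only. The skill's own command uses
# "{archive}", which bash does not brace-expand (a brace list needs a comma),
# so it creates a literal "{archive}" directory; the path is spelled out here.
mailbox_init() {
  local old_umask lane
  old_umask=$(umask)
  umask 077                                # new dirs 0700, new files 0600
  mkdir -p "$MAILBOX_ROOT" && chmod 700 "$MAILBOX_ROOT" || { umask "$old_umask"; return 1; }
  mailbox_check_root || { umask "$old_umask"; return 1; }
  for lane in $LANES; do
    mkdir -p "$MAILBOX_ROOT/$lane/archive" || { umask "$old_umask"; return 1; }
  done
  umask "$old_umask"
}

# Publish src as dst atomically: link(2) fails with EEXIST if dst already
# exists, so two writers racing for the same name cannot clobber each other,
# and a reader never observes a partially written message.
atomic_publish() {
  ln "$1" "$2" 2>/dev/null || return 2
  rm -f "$1"
}

# mailbox_send <lane> <name>   (message body on stdin)
mailbox_send() {
  local lane="$1" name="$2" dir tmp
  validate_name "$lane" && validate_name "$name" || return 1
  dir="$MAILBOX_ROOT/$lane"
  [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
  tmp=$(mktemp "$dir/.tmp.XXXXXX") || return 1   # created 0600 inside the lane
  cat > "$tmp" || { rm -f "$tmp"; return 1; }
  atomic_publish "$tmp" "$dir/$name.md" || { rm -f "$tmp"; return 2; }
}

# mailbox_archive <lane> <name>: move a delivered message into archive/.
# Only a regular, non-symlink source is accepted, so a planted symlink cannot
# redirect the move.
mailbox_archive() {
  local lane="$1" name="$2" src
  validate_name "$lane" && validate_name "$name" || return 1
  src="$MAILBOX_ROOT/$lane/$name.md"
  [ -f "$src" ] && [ ! -L "$src" ] || return 1
  atomic_publish "$src" "$MAILBOX_ROOT/$lane/archive/$name.md"
}

# mailbox_list <lane>: names of pending messages (temp files stay hidden).
mailbox_list() {
  local f
  validate_name "$1" || return 1
  for f in "$MAILBOX_ROOT/$1"/*.md; do
    [ -f "$f" ] || continue
    basename "$f" .md
  done
  return 0
}
```

Source the file, run `mailbox_init` once, then `printf 'body' | mailbox_send agent-a-to-b task-001`; a second send with the same name returns 2 and leaves the first message untouched, and a name such as `../escape` is refused before any path is built. Plaintext storage is unchanged by this script: anything written into a lane is still readable by any process running as the same user and by backups, which is why the overview says to keep secrets out of messages.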

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly instructs users to create and use directories under the home directory and later move files there, but it does not clearly warn that this modifies the local filesystem. In an agent skill context, undocumented filesystem writes can surprise users, create unintended persistence, and increase the chance that sensitive data is stored or manipulated without informed consent.

Missing User Warnings

Medium
Confidence: 96%
Finding
The mailbox design stores inter-agent messages as plaintext Markdown files on disk, yet the description does not warn users that message contents may remain readable to other local users, backups, or forensic tools. Because these messages may contain prompts, secrets, or user data, the lack of a privacy warning materially increases the risk of accidental disclosure.

Session Persistence

Medium
Category: Rogue Agent
Content
### 1. Create the mailbox directory

```bash
mkdir -p ~/.shared-mailbox/{agent-a-to-b,agent-b-to-a}/{archive}
```

### 2. Create the communication protocol file
Confidence: 82%
Finding
The flagged excerpt (cut off in the report mid-heredoc):

```bash
mkdir -p ~/.shared-mailbox/{agent-a-to-b,agent-b-to-a}/{archive}
```

### 2. Create the communication protocol file

```bash
cat > ~/.shared-mailbox/README.md << 'EOF'
# Cross-Agent Communication Mailbox
## Directory Structure
- agent-a-to-b/: Letters from Agent A to Agent B
```

VirusTotal

67/67 vendors reported this skill as clean.

View on VirusTotal