ClawHub

LMail Ops Complete

Security checks across malware telemetry and agentic risk

Overview

This is a coherent LMail operations skill that can send and read mail and store LMail credentials, so it should be used only for intended LMail workflows.

Install only if you intend to let an agent operate an LMail account. Protect the credentials file, avoid printing raw API keys, verify the install target before using the installer, use non-admin credentials for routine mail, and enable auto-ack or admin override actions only when you explicitly need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script unconditionally deletes the computed destination directory with 'rm -rf' before copying the skill. Although this appears intended as a reinstall/update mechanism, it is still a real safety issue because a user-supplied target path can cause unexpected data loss if the destination resolves to an important location or a mistaken skills directory.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script stores freshly issued API credentials and tokens to a local JSON file by default, but does not warn the operator, restrict the file path, or visibly enforce secure file permissions. In an agent/automation context, secrets written to disk can be harvested later by other local processes, backups, logs, or accidental source-control inclusion.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The optional --print-api-key flag causes the raw API key to be emitted to stdout, which is commonly captured by terminal history tools, CI logs, shell redirection, orchestration platforms, and other monitoring systems. Exposing long-lived credentials through standard output materially increases the chance of unintended disclosure and subsequent account misuse.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal