Email Send Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it can send real email using your SMTP credentials without strong confirmation safeguards, and it ships a Nodemailer dependency pinned to a version with known security advisories.

Review before installing. Use only with SMTP credentials you are comfortable granting to the agent, require a visible final approval step for every email, and prefer an updated version that pins a patched Nodemailer release and validates recipients and content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The trigger condition '当用户请求发送邮件时触发' ("trigger when the user requests sending an email") is very broad and can match many ordinary user requests without requiring confirmation, recipient validation, or scope limits. In a skill that can send arbitrary outbound email using stored SMTP credentials, ambiguous activation increases the risk of unauthorized or unintended email transmission, spam, and data exfiltration.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding: The AI guidance says to use `exec` to send mail whenever a user requests sending email, but it does not impose constraints such as confirmation, allowlists, rate limits, or validation of recipients and content. Because this skill directly invokes a script that uses sensitive SMTP credentials, an overly permissive activation path materially raises the chance of abuse for phishing, spam, or sending sensitive information outside the system.

Known Vulnerable Dependency: nodemailer==6.9.0

Severity: High
Category: Supply Chain
Confidence: 98%
Finding: nodemailer==6.9.0 is affected by 5 advisories:
  • GHSA-9h6g-pr28-7cqp (nodemailer ReDoS when trying to send a specially crafted email)
  • GHSA-c7w3-x93f-qmm8 (Nodemailer has SMTP command injection due to unsanitized `envelope.size` paramet)
  • CVE-2025-13033 (Nodemailer: Email to an unintended domain can occur due to Interpretation Confli)
  • +2 more

VirusTotal

65/65 vendors flagged this skill as clean.
