imap-idle-sender

Security checks across malware telemetry and agentic risk

Overview

The skill’s email-to-Feishu workflow is coherent, but it handles sensitive email content with local storage, logging, and third-party forwarding that appear under-scoped.

Review this carefully before installing. Use it only with a mailbox where forwarding subjects, sender details, summaries, and possible body excerpts to Feishu is acceptable. Check whether you can disable body excerpts, reduce logs, protect local state files, and define retention before using it on sensitive personal or business email.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The script persists email metadata and body excerpts to a local JSON file, which expands the data exposure surface beyond the stated real-time monitoring and Feishu notification purpose. Because the stored fields include sender, subject, timestamps, UID, and message body snippets, anyone with filesystem access or access to backups/log collections may recover sensitive email content.

Description-Behavior Mismatch

Low
Confidence: 91%
Finding
The logging function writes operational details to a local log file, and later code logs sender names, email addresses, and subjects. This creates an additional disclosure channel not reflected in the skill description, potentially exposing private correspondence through local files, centralized logging, or support bundles.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes automatically forwarding email-derived content, including sender, subject, and a message summary, to a Feishu user without an explicit privacy warning or consent step. Because emails often contain sensitive personal, business, or authentication information, silent onward transmission to a third-party messaging platform materially increases data-leakage risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script forwards email-derived content, including sender, subject, and body excerpt, to a Feishu account without any explicit consent prompt, disclosure, or configurable data-minimization controls. This can unintentionally exfiltrate sensitive information from email into a third-party messaging platform, which may have different retention, access, and compliance characteristics.

VirusTotal

66/66 vendors flagged this skill as clean.
