ClawHub

Resend Email Sender

Security checks across malware telemetry and agentic risk

Overview

The skill appears to send email through Resend as advertised, but it gives agents real outbound email-sending capability without clear confirmation or data-disclosure guardrails.

Install only if you want an agent to send real email through your Resend account. Use a dedicated least-privilege Resend API key, avoid sensitive or regulated content unless intentionally approved, and require manual review of recipients, subject, body, CC/BCC, and bulk sends before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly relies on environment variables and shell execution examples, but it does not declare corresponding permissions. That mismatch can prevent proper policy enforcement and user review, making it easier for the skill to access secrets or invoke commands without transparent authorization boundaries.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description is broad enough that an agent may invoke the skill in routine communication scenarios without a strong confirmation boundary. Because the skill sends data to an external email provider, overbroad triggering can lead to unintended disclosure of message content, recipient addresses, or automated outbound actions the user did not clearly approve.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The 'From Agent' guidance tells the agent to use exec to send email when it 'needs to send email,' but does not define approval, scope, or safety checks. In an autonomous setting, this ambiguity can cause unauthorized outbound email, privacy leakage, spam-like behavior, or social-engineering amplification using the agent as a sender.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explains how to send email through Resend but does not clearly warn that recipient addresses and email contents will be transmitted to a third-party service. Without that disclosure, users or agents may treat the action as local-only, increasing the risk of unintentionally sending sensitive or regulated information outside the system boundary.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill sends email bodies, subjects, and recipient metadata to a third-party service without any explicit runtime notice or confirmation to the user that their data is leaving the local system. In an agent/tooling context, this can cause unintended disclosure of sensitive content or personal data if the caller assumes processing is local.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal