ClawHub

mailbox.bot

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate mailbox service integration, but it needs review because it can let an agent create an account and automate real-world mail actions, including irreversible disposal.

Install only if you are comfortable giving an agent controlled access to a real postal-mail service. Prefer signing up directly in your browser, use scoped agent keys instead of full account keys where possible, and require explicit human approval for shredding, disposal, forwarding, outbound mail, legal/government/tax correspondence, and expensive postage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to create an operator account by transmitting personal data and a password to an external service. That expands the skill from mail handling into identity/account provisioning and creates risk around credential handling, consent, and collection of sensitive onboarding data by the agent.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The action flow normalizes creating accounts for operators whenever no API key is present, which broadens the allowed behavior beyond mailbox management into account provisioning. This can cause agents to request, store, or submit credentials and personal information to a third party without a clear trust boundary or strong user confirmation.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README explicitly advertises destructive mail actions such as shred or discard while providing no warning about confirmation requirements, legal retention concerns, or the risk of irreversible loss of important correspondence. In this skill’s context, those actions are more dangerous because the product is designed for autonomous agent control over real physical mail, so ambiguous or overly permissive automation guidance could lead to destruction of legal, financial, or identity-related documents.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The signup instructions ask the agent to send full name, email, password, and business needs to an external service, but do not require a prominent warning or explicit informed consent immediately before transmission. In a skill context, this is dangerous because agents may automate the transfer of sensitive user data to third parties without the operator understanding what is being sent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The decision framework instructs the agent to discard junk mail and elsewhere supports shred/dispose actions without requiring explicit confirmation or a strong irreversible-action warning. Because physical mail may contain misclassified legal, financial, or compliance documents, automated destructive handling can cause permanent loss of important records and missed deadlines.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal