Imap Smtp Email Fixed

Security checks across malware telemetry and agentic risk

Overview

This email skill mostly does what it says, but its default configuration and setup flow create credential and TLS safety concerns that users should review before installing.

Install only if you are comfortable giving this skill access to an email account that can read mail and send real messages. Use an app-specific password, replace the bundled config.env with your own settings, keep certificate verification enabled, ensure ~/.openclaw/.env exists with restrictive permissions before running setup, and rotate the email credential if it was ever printed in terminal output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The `test` command is presented as a connection test, but it calls `sendMail()` against the configured account, so a real outbound email is transmitted. In an agent skill context, this is a capability mismatch that can trigger unintended side effects, spam, or policy violations when a caller expects a non-destructive connectivity check.

Intent-Code Divergence

Medium (94% confidence)
Finding
The code comment and command semantics say 'Test SMTP connection', but the implementation sends an actual email. This misleading behavior is dangerous because users, orchestrators, or higher-level agents may invoke it assuming it is side-effect free, leading to unintended message delivery.

Missing User Warnings

Medium (80% confidence)
Finding
The documented functionality includes sending email to arbitrary recipients and downloading attachments to disk, but the user-facing description does not prominently warn that this can exfiltrate local data externally or write potentially sensitive/untrusted files to the filesystem. In an agent setting, insufficient disclosure can lead users to authorize actions without understanding the privacy and safety consequences.

Missing User Warnings

Medium (96% confidence)
Finding
The `test` command sends a real email without explicit warning, despite sounding like a harmless connectivity check. In an automation setting, this creates an unexpected external side effect and can disclose the existence of the account, generate unwanted mail traffic, or be abused by workflows that assume tests are non-sending.

Missing User Warnings

Medium (93% confidence)
Finding
The script collects an email password and persists it to local environment files, but it does not clearly warn the user before credential entry that the secret will be stored on disk. This increases the chance that users disclose a primary mailbox password or app password without understanding the persistence and exposure implications, especially because one copy may be written into the skill directory and another into ~/.openclaw/.env.

VirusTotal

VirusTotal findings are pending for this skill version.