Assistant Mail

Security checks across malware telemetry and agentic risk

Overview

The skill appears to handle sensitive email operations beyond simple sending, and the broader mailbox access is not clearly disclosed up front.

Review this skill carefully before installing. Only grant it access if you intend it to read and modify mailbox data as well as send email, and use provider permissions or agent approval gates to limit destructive actions such as deleting messages or mailboxes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The manifest and top-level description frame the skill as only sending email, but the documented tools and capability include mailbox creation/deletion, message retrieval, recipient management, and usage access. This mismatch can cause an agent integrator or user to grant or invoke the skill under false assumptions, leading to unintended access to sensitive mailbox contents or broader administrative actions.

Intent-Code Divergence

Low (80% confidence)
Finding
The title and manifest emphasize outbound email sending, while the capability section quickly expands scope to direct mailbox and message data access. Even if technically accurate elsewhere in the file, this inconsistent framing increases the chance that reviewers, users, or policy systems underestimate the sensitivity of the skill.

Missing User Warnings

Medium (93% confidence)
Finding
The skill exposes privacy-sensitive operations such as listing mailboxes, reading messages, deleting messages, managing recipients, and sending outbound email, but the documentation does not provide clear user-facing warnings about data sensitivity, consent, or the risk of sending or accessing communications. This omission makes accidental misuse more likely, especially in agent environments where tools may be invoked autonomously.

VirusTotal

64/64 vendors flagged this skill as clean.
