ClawHub

Atomic Mail

Security checks across malware telemetry and agentic risk

Overview

Atomic Mail is a disclosed email integration that stores local mail credentials and can read or send mail, so it is sensitive but purpose-aligned.

Install only if you want an agent to access this Atomic Mail inbox. Treat credentials.json and the JWT files as secrets, keep the credential directory private, review recipients and attachments before sending, and only schedule the hourly inbox agent job if you are comfortable with automated inbox summaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Low
Confidence
77% confidence
Finding
The help text explicitly states that rotated session and capability JWTs are written back to disk, but it does not warn users that active bearer tokens will persist locally and may be usable by other local processes, backups, or misconfigured environments. While this file is documentation rather than executable code, documenting silent token persistence without surfacing security implications can contribute to unsafe deployment and credential exposure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The troubleshooting text explicitly advises copying an existing `credentials.json` into a credential directory, which normalizes manual handling and duplication of sensitive authentication material without any warning about secure storage, least privilege, or source verification. In an agent skill that manages email access, this can lead users or integrators to move reusable mailbox credentials between environments insecurely, increasing the chance of credential leakage or unintended account takeover.

Vague Triggers

Medium
Confidence
84% confidence
Finding
This preset provides a fully parameterized capability to send arbitrary email with arbitrary attachment content, recipients, subject, and sender mailbox context, but the file itself contains no guardrails about when the action is allowed or what user confirmation is required. In an agent setting, that makes unauthorized outbound email, data exfiltration, spam, or accidental transmission easier if higher-level orchestration is weak or prompt-influenced.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The preset uploads attachment bytes and transmits message content to a remote mail service, yet this file provides no disclosure, consent boundary, or safety interlock indicating that sensitive body text and attachments are leaving the local agent context. In a mail-sending skill this behavior is expected, but without explicit user-facing confirmation requirements it still creates a real risk of silent data exfiltration or accidental disclosure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The prompt explicitly instructs an agent to access and summarize a user's inbox, which can expose highly sensitive communications and personal data. While inbox access is core to this skill's purpose, the helper text provides no privacy warning, consent checkpoint, or minimization guidance, increasing the chance an agent will process more email content than the user expects.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explicitly states that session-related JWTs are persisted to disk, but provides no warning or constraints around secure local storage, token lifetime, filesystem permissions, or multi-user host risks. In an email skill, persisted JWTs can grant continued access to inbox contents and sending capability if the local machine, agent workspace, logs, or backup artifacts are compromised.

Vague Triggers

Medium
Confidence
91% confidence
Finding
This preset provides a complete workflow to upload an attachment and send email, but the file itself contains no trigger scoping, user-confirmation requirement, recipient restrictions, or other activation constraints. In an agent context, that makes outbound email with attachments easy to invoke programmatically, which can enable spam, data exfiltration, or accidental transmission of sensitive files if higher-level controls are weak or absent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal