ClawHub

Mailserver Maintenance

Security checks across malware telemetry and agentic risk

Overview

This is a coherent mailserver maintenance runbook, but it gives an agent powerful live mailserver and remote relay controls with under-disclosed credentials, shutdown actions, and a hardcoded external email test.

Install only if this is your mailserver and you intend to let an agent administer it. Before use, replace the hardcoded external email test with a controlled test mailbox or explicit confirmation step, require confirmation before shutdown/restart/queue-flush actions, document the Docker and SSH requirements, and fix SSH host key verification instead of using StrictHostKeyChecking=no.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill includes an end-to-end test that sends a real outbound email to an external recipient, even though the skill is described as maintenance-only and explicitly says it is not for mail usage. This expands the skill from diagnostics into real-world message transmission, creating risk of unauthorized data egress, spam, or accidental disclosure during testing.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Hardcoding a specific external recipient gives the skill a concrete capability to send email outside the system boundary, which is not justified by its stated maintenance purpose. In context, this makes misuse easier and can cause unintended outreach, leakage of message content, or operational abuse of the mail server.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill provides commands to stop the cloud relay and bring down the docker-mailserver stack without warning about service interruption. In an operational setting, this can directly disrupt mail flow, delay delivery, and create avoidable outages if invoked casually or automatically.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill can remotely start, stop, and restart scheduled tasks on a Windows relay host over SSH, but it does not clearly warn that these are administrative changes on another system. That omission increases the chance of unintended remote modifications and operational disruption, especially in an agent-driven workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal