Daily Email Summary

Security checks across malware telemetry and agentic risk

Overview

This Gmail email-summary skill does what it says, but it handles sensitive mailbox content and stores a local OAuth token.

Install only if you are comfortable letting the agent read and summarize unread Gmail messages. Use a dedicated Google OAuth client with read-only Gmail access, protect the credentials file and token.json, verify the publisher/source because the homepage looks like a placeholder, and pin or review dependencies in sensitive environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no explicit permissions despite clearly requiring environment-variable access, filesystem interaction, and network access to Gmail. This weakens user and platform visibility into sensitive capabilities, which is especially risky for a skill that accesses private mailbox data and likely stores or reads credential material.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared purpose says the skill fetches recent emails and provides concise summaries, but the described behavior suggests narrower selection logic, mailbox authentication, and possible return of substantial raw email content. That mismatch can mislead users and agents about the sensitivity and scope of access, increasing the chance of over-collection or unintended disclosure of private email contents.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is broad enough that ordinary requests about checking or reviewing email could trigger the skill without a strong confirmation boundary. Because the skill accesses a highly sensitive data source, ambiguous routing raises the risk of unintended mailbox access and disclosure of personal or business communications.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill does not prominently warn users that invoking it will access Gmail data via the Gmail API using configured credentials. For a mailbox-reading skill, lack of explicit disclosure undermines informed consent and can cause users to expose sensitive communications without realizing the extent of access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill fetches full unread email metadata and body content, then prints it as JSON for agent consumption without any explicit user-facing warning, consent checkpoint, or minimization beyond truncation. In an agent setting, mailbox contents are often highly sensitive, so silently transmitting subjects, senders, snippets, and message bodies to the tool/output channel creates a real privacy and data-exposure risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-auth>=2.25.0
google-auth-oauthlib>=1.2.0
google-auth-httplib2>=0.2.0
google-api-python-client>=2.110.0
Confidence
90% confidence
Finding
google-auth>=2.25.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-auth>=2.25.0
google-auth-oauthlib>=1.2.0
google-auth-httplib2>=0.2.0
google-api-python-client>=2.110.0
Confidence
90% confidence
Finding
google-auth-oauthlib>=1.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-auth>=2.25.0
google-auth-oauthlib>=1.2.0
google-auth-httplib2>=0.2.0
google-api-python-client>=2.110.0
Confidence
90% confidence
Finding
google-auth-httplib2>=0.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
google-auth>=2.25.0
google-auth-oauthlib>=1.2.0
google-auth-httplib2>=0.2.0
google-api-python-client>=2.110.0
Confidence
91% confidence
Finding
google-api-python-client>=2.110.0

VirusTotal

66/66 vendors flagged this skill as clean.
