ClawHub

da-fu-da-gui

Security checks across malware telemetry and agentic risk

Overview

The skill matches an email auto-reply purpose, but it asks to connect a mailbox and then sends replies in the background without enough control or permission details.

Review before installing. Use only with a low-risk mailbox or test account unless you are comfortable with automatic replies being sent from the connected account, and look for documented controls for permissions, approval mode, rate limits, logs, pause/disable, and reply-history deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs users to authorize and bind their mailbox account, then states it will automatically begin working in the background, but it does not clearly warn that it may autonomously send emails on the user's behalf. This creates a meaningful consent and safety issue: users may grant mailbox access without fully understanding that outbound messages will be generated and sent automatically, which can lead to unintended communications, reputational harm, or business impact.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger keywords "自动回复,收到邮件" are broad and closely map to common email-related utterances, which increases the chance of accidental activation during normal conversation. If triggered unintentionally, the skill could respond or act in contexts the user did not intend, creating unauthorized behavior or information disclosure depending on what the skill does after activation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal