
Security audit

Email Template

Security checks across malware telemetry and agentic risk

Overview

The advertised email-template generator is mostly coherent, but the package also ships an unrelated command script that persists user arguments locally without clear disclosure.

Review before installing. Use the documented scripts/emailtpl.sh path for email templates, and avoid passing private business text, secrets, or personal data to the unrelated scripts/script.sh command unless the publisher clarifies or removes its logging and AI-assistant behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The script's behavior materially contradicts the declared skill purpose: instead of providing an email-template library, it exposes an unrelated AI/prompt-engineering assistant. This kind of capability mismatch is dangerous because it can hide undeclared functionality from reviewers and users, undermining trust and enabling covert behavior under a misleading manifest.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding:
The embedded documentation and help text repeatedly identify the tool as an 'AI and prompt engineering assistant,' directly contradicting the advertised email-template purpose. In skill ecosystems, misleading self-description is a security concern because it suggests intentional deception or supply-chain mislabeling, making hidden or undeclared behavior more likely.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The script logs command usage and user-supplied arguments to a history file without clear disclosure, consent, retention limits, or redaction. In this context, users may pass sensitive prompt content, business information, or personal data as arguments, so silent local logging creates a privacy and data exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.
