Back to skill

Security audit

DoctorClaw Email Digest

Security checks across malware telemetry and agentic risk

Overview

This email digest skill asks for sensitive inbox access, but that access is disclosed and fits its stated purpose.

Install only if you are comfortable granting the agent access to the selected inbox. Prefer read-only email permissions unless you need approved sending, keep the schedule and email limit narrow, use private delivery destinations, and review every draft before allowing any email to be sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The example trigger phrase "Check my email" is very broad, natural language that overlaps with ordinary conversation. In an agent environment, this can cause accidental invocation and unintended access to inbox contents, which is especially sensitive because the skill reads private email and may draft or later send replies based on that content.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly supports delivering digests through external channels like Telegram or Discord, but it does not prominently warn that email-derived summaries, action items, and draft replies may contain sensitive personal, financial, legal, or business information. This creates a real risk of unintended data disclosure if users enable third-party delivery without understanding the privacy implications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.