Resend Skills

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Resend API documentation skill, but users should treat its email, automation, log, attachment, and API-key examples as production-impacting guidance.

Install only if you intend to let an agent help with Resend. Use a least-privilege Resend API key, keep secrets in environment variables, and require explicit confirmation before sending emails or broadcasts, creating or deleting API keys, changing webhooks/domains/contacts, retrieving raw logs or attachments, or enabling automations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The skill description says to "always use this skill when the user mentions Resend," which is overly broad routing guidance and can cause the agent to invoke this skill even when the user's intent is unrelated or only tangentially mentions Resend. Over-broad invocation increases the chance of unnecessary access to sensitive email-operation guidance and can lead to inappropriate actions being taken in the wrong context.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The examples create automations with `status: 'enabled'`, which can cause workflows to become active immediately and start sending emails or modifying data as soon as matching events occur. In a production-facing email automation skill, this increases the risk of accidental bulk sends, unintended contact mutations, and compliance issues if users copy-paste examples without realizing they are live on creation.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The Python example shows an API key assigned directly in source code (`resend.api_key = "re_xxxxxxxxx"`) without any warning to use environment variables or secret management. In documentation for an email API, this pattern can normalize hardcoding credentials and lead users to embed real production keys in code, repos, logs, or screenshots, increasing the chance of credential leakage and unauthorized email access.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documentation explicitly demonstrates retrieving and printing full `request_body` and `response_body` values from API logs without warning that these fields may contain sensitive data such as recipient addresses, message content, API payloads, or identifiers. In a logging feature, normalizing direct console output of raw bodies can lead to accidental disclosure into terminal history, CI logs, support tooling, or shared observability systems.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The attachment examples encourage fetching and handling `download_url` values for sent email attachments without warning that these URLs expose potentially sensitive email contents and should be treated like temporary secrets. In an email-management skill, attachments commonly contain invoices, personal data, or internal documents, so omission of handling guidance can lead developers to log, share, cache, or fetch them in insecure contexts.

VirusTotal

65/65 vendors flagged this skill as clean.