Proton Mail

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives an agent broad Proton Mail account control and uses stealth browser settings without enough guardrails.

Use this only with an account you own and are comfortable exposing to an agent. Prefer a test or low-risk mailbox, avoid the stealth and no-sandbox browser flags unless you understand the risk, protect credentials and cookies like passwords, and require explicit review before any send, delete, move, or forwarding action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The documentation explicitly broadens the skill from email management into bot-detection evasion by recommending stealth launch flags and overriding navigator.webdriver. That materially increases abuse potential by helping automated access avoid provider defenses, which is not necessary for ordinary inbox automation and can facilitate unauthorized or policy-violating account access.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill includes concrete anti-detection browser manipulation such as --disable-blink-features=AutomationControlled and redefining navigator.webdriver to appear human-driven. In the context of a live email service, these measures directly undermine platform bot-detection controls and make the skill more suitable for covert or large-scale misuse.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill encourages reading and sending email from a real ProtonMail inbox but does not prominently warn that automation grants broad access to highly sensitive communications and can trigger account lockouts, unwanted sends, or privacy breaches. Because the target is an encrypted mail account, operational mistakes or misuse can have significant confidentiality and integrity consequences.

Missing User Warnings

Medium
Confidence: 88%
Finding
Although the documentation advises using environment variables, it downplays the sensitivity of ProtonMail credentials and later mentions session-cookie reuse without strong warnings. For a mailbox skill, credentials and reusable sessions provide full inbox access, so weak guidance can lead to accidental secret leakage, credential persistence, or session theft.

VirusTotal

66/66 vendors flagged this skill as clean.
