OKKI Email Sync

Security checks across malware telemetry and agentic risk

Overview

This looks like a genuine OKKI CRM sync skill, but it automatically copies email and quotation details into CRM and local temp files without enough scoping or privacy controls.

Review before installing. Use a least-privilege OKKI account, verify the OKKI CLI and vector-search paths, restrict which workflows can trigger syncing, decide whether email body excerpts and attachment names may be copied into CRM, and move or protect the /tmp state/log files before processing sensitive customer communications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Medium | Confidence: 93%
Finding: The module allows the Python interpreter path and script paths to be overridden by environment variables, then executes them with `execFile`. In an agent/runtime context where environment variables may be influenced by deployment configuration or other components, this creates a general-purpose code execution primitive that can run arbitrary local programs or scripts with the skill's privileges.

Missing User Warnings

Medium | Confidence: 91%
Finding: The README explicitly describes automatically syncing email activities and quotation events into OKKI CRM records, including examples that pass subject and body content into the sync flow, but it does not warn users that potentially sensitive message content will be transmitted to an external CRM system. This creates a real privacy and data-governance risk because operators may enable the feature without understanding that customer communications, quotations, and related metadata are being copied into another platform.

Missing User Warnings

Medium | Confidence: 94%
Finding: The skill is explicitly designed to automatically copy email content, metadata, and quotation information into a CRM, yet the documentation does not present a clear privacy warning, consent expectation, or data-handling notice. In practice, this can cause unreviewed transfer of sensitive business communications or personal data to a third-party system, increasing compliance and confidentiality risk.

Missing User Warnings

Low | Confidence: 91%
Finding: The documentation states that unmatched emails are logged locally, including email/domain/reason data, without warning users that potentially sensitive identifiers will be written to local files under /tmp. Such logs can expose customer contact data, leak internal communication patterns, or be read by other local users/processes if file permissions are weak.

Missing User Warnings

Medium | Confidence: 91%
Finding: Unmatched email addresses and failure reasons are appended to a plaintext log in `/tmp` without access controls or disclosure. Email addresses are personal/business data, and logging them to a shared temporary location can expose sensitive contact information to other local users, processes, or later forensic collection.

Missing User Warnings

Medium | Confidence: 89%
Finding: Processed-record persistence writes message/quotation identifiers and CRM metadata to disk in a temp-backed JSON file without protection or disclosure. This can leak communication activity, internal IDs, and processing history, and the temp location also increases tampering risk for the deduplication state.

Missing User Warnings

High | Confidence: 96%
Finding: The vector-search fallback sends the email address, subject, and up to 200 characters of body content to an external Python script. That is a cross-component transfer of potentially sensitive communications data without explicit consent, minimization, or trust boundary enforcement, and the receiving script path is itself configurable elsewhere in the module.

Missing User Warnings

High | Confidence: 95%
Finding: The module transmits detailed email contents (subject, timestamps, sender/recipient, body excerpt, and attachment names) into OKKI CRM automatically. In this skill's context that behavior is core functionality, but it still creates a real privacy/security risk because sensitive message data may be copied into a broader-access system without confirmation, filtering, or classification controls.

VirusTotal

65/65 vendors flagged this skill as clean.