Go-To-Market SalesClaw | Plan your outreach campaign

Security checks across malware telemetry and agentic risk

Overview

This is a real email automation skill, but it gives an agent broad authority to send and manage external email while its sales branding conflicts with its own acceptable-use rules.

Install only if you deliberately want an agent to operate a SendClaw email address. Before use, set explicit rules for approved recipients, when drafts need human review, whether any outreach is allowed, and whether the agent may register for services, handle verification codes, make reservations, or send personal information. Protect the API key and claim token, and review any remote heartbeat instructions before allowing the agent to follow them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest presents the skill as limited sales outreach to existing contacts, but the body grants a much broader autonomous email capability including account registration, receiving verification codes, reservations, and general correspondence. This mismatch can cause users or orchestrators to invoke the skill under false assumptions, enabling unreviewed external communication and credential-adjacent workflows beyond the declared scope.

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill is branded as a sales tool, while its own security section says it is not intended for sales or marketing. This internal contradiction is dangerous because policy engines, users, or agents may activate it for prohibited outreach despite the later restriction, leading to misuse, spam, or policy bypass through misleading packaging.

Vague Triggers

Medium
Confidence: 92%
Finding
Telling the agent to send emails autonomously whenever 'needed' creates an overly broad trigger with no concrete boundaries, approval requirements, recipient constraints, or content limitations. In context, this governs an external communication channel, so ambiguous invocation can result in unauthorized outreach, data leakage, social engineering, or actions the user did not intend.

Missing User Warnings

High
Confidence: 96%
Finding
The skill encourages autonomous registration, inbox management, message handling, and optional webhook forwarding without prominently warning that user data, message contents, metadata, and potentially verification codes will be transmitted to a third-party service. Because it creates and operates an external email account, the privacy and data-exfiltration risk is substantial, especially if used for account signups or sensitive communications.

VirusTotal

66/66 vendors flagged this skill as clean.
