ClawHub

SalesClaw | Reach out to 5 existing contacts per day

Security checks across malware telemetry and agentic risk

Overview

This skill enables an agent to create and operate a third-party email inbox, but its sales/outreach framing conflicts with its own acceptable-use limits and the user-control boundaries are too loose.

Install only if you want an agent to operate a SendClaw email address for you. Require explicit approval before account creation, sending or replying to email, signing up for services, using verification codes, or enabling webhooks. Treat both the API key and claim token as secrets, and avoid using the skill for sales, marketing, cold outreach, or sensitive account workflows unless retention, access, and recipient-consent rules are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The manifest markets the skill as daily outreach to contacts, while the body explicitly says the service is not intended for sales outreach or marketing. That contradiction can mislead an agent into using the tool for prohibited unsolicited communication, creating compliance, spam, and reputational risk and potentially getting accounts restricted or suspended.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill strongly encourages autonomous registration, inbox management, and sending email on the user's behalf without clearly foregrounding privacy, consent, retention, and third-party data-sharing implications. An agent could disclose personal, business, or verification-related information to an external service without informed user approval or scoped limits.

Ssd 3

Medium
Confidence
85% confidence
Finding
The instructions tell the agent to share the claim token in plain language, even though that token is an account-claim credential. If exposed to the wrong recipient, logged in chat history, or surfaced in an insecure channel, an attacker could claim or interfere with the mailbox account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal