ClawHub

Truncus Email

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Truncus email-sending skill with real outbound email and tracking risks that are mostly disclosed and aligned with its purpose.

Install only from the reviewed source, verify the GitHub repository before cloning, and use a least-privilege Truncus API key. Before each send, review recipients, subject, body, attachments, metadata, and tracking settings; avoid sending secrets, regulated data, or internal incident details unless approved. Be careful in local dev mode because simulated sends can print email content to the terminal.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README presents the skill as a simple email utility but does not clearly warn that, once configured, it can transmit real outbound emails and their contents to an external third-party provider. In an agentic environment, this can lead users to authorize or invoke the skill without understanding the privacy, compliance, reputational, and data-exfiltration implications of sending sensitive content to outside recipients.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill states that open and click tracking are enabled by default, but it does not warn that these features collect recipient engagement data and rewrite links, which can create privacy, compliance, and user-consent issues. In an email-sending skill, silent default tracking is more dangerous because workflows may send to external recipients who have not been informed or consented to tracking.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill sends email content and recipient addresses to a third-party API using an API key, but the example provides no user-facing warning or consent boundary about transmitting potentially sensitive data off-platform. This is dangerous because users or downstream agents may unknowingly disclose personal, operational, or confidential information to an external service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to send generated report content to an external email delivery API and then onward to an email recipient, but it provides no warning, consent check, or data-classification guardrails. This is dangerous because business reports may contain sensitive or regulated data, and the skill normalizes exfiltration of generated data outside the local workflow without ensuring the user understands the privacy impact.

Ssd 3

Medium
Confidence
95% confidence
Finding
The local dev mode instructs printing the full request payload, including recipient addresses, subject lines, and body previews, which can expose sensitive personal or business data in logs. Logs are often retained, aggregated, or shared across environments, so this creates an unnecessary data leakage path even when no external API call is made.

External Transmission

Medium
Category
Data Exfiltration
Content
## Agent Action

```bash
curl -X POST https://truncus.co/api/v1/emails/send \
  -H "Authorization: Bearer $TRUNCUS_API_KEY" \
  -H "Idempotency-Key: deploy-complete-2026-03-11-001" \
  -H "Content-Type: application/json" \
Confidence
81% confidence
Finding
curl -X POST https://truncus.co/api/v1/emails/send \ -H "Authorization: Bearer $TRUNCUS_API_KEY" \ -H "Idempotency-Key: deploy-complete-2026-03-11-001" \ -H "Content-Type: application/json" \

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal