Himalaya CLI

Security checks across malware telemetry and agentic risk

Overview

This is a transparent email CLI helper, but installing it can let an agent operate a configured mailbox, including sending and deleting mail.

Install only if you want an agent to help manage your email account. Prefer app-specific credentials, OAuth, pass, or system keyring over plaintext passwords, and require explicit review before sending mail, using reply-all, forwarding, attaching local files, exporting messages, downloading attachments, moving/copying/flagging mail, or deleting anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly documents commands that send email, including a direct templated send path, but does not warn that executing them will transmit message bodies, headers, and recipient addresses to external mail infrastructure. In an agent setting, that omission is risky because a model may treat the action as routine text generation rather than an outbound data transfer with privacy and exfiltration implications.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill includes destructive and side-effecting operations such as deleting messages and downloading attachments to disk without any caution about irreversible mailbox changes or local file writes. In an automated agent context, this increases the chance of accidental deletion, unsafe overwrites, or writing untrusted attachment content to the local filesystem.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation’s main setup example includes plaintext password fields (`backend.auth.raw` and `message.send.backend.auth.raw`) before steering users to safer alternatives. Even though a later section says raw passwords are for testing only, users often copy the first complete example verbatim, which can lead to long-lived mailbox credentials being stored unencrypted in `~/.config/himalaya/config.toml` and exposed through backups, local compromise, or accidental sharing.

VirusTotal

66/66 vendors flagged this skill as clean.
