ClawEmail Admin

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent but needs review because it can administer and permanently delete ClawEmail Google Workspace accounts using a privileged API key.

Install only if you trust ClawEmail and intend to let the agent administer these accounts. Keep CLAWEMAIL_API_KEY, generated passwords, and OAuth credentials secret, and require manual confirmation of the exact prefix/email before any suspend or delete action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documents a permanent account deletion operation but does not require or even recommend an explicit confirmation step, a preview of the affected account, or user acknowledgement before execution. In an agent context, this increases the chance of accidental irreversible deletion from ambiguous prompts, automation mistakes, or prompt injection that causes the agent to invoke destructive actions without sufficient user consent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The setup instructions tell users to place an API key in an environment variable but omit any warning that the key is sensitive, should not be logged, echoed, committed to source control, or exposed to untrusted subprocesses. Because this skill manages email accounts with full Workspace access, compromise of the API key could enable unauthorized provisioning, suspension, deletion, and enumeration of accounts.

VirusTotal

66/66 vendors flagged this skill as clean.
