Indie Developer Customer Support Email System

Security checks across malware telemetry and agentic risk

Overview

The skill’s support-routing purpose is clear, but it needs review because the automated mail script builds shell commands from incoming email data while handling customer messages.

Review before installing on a real support mailbox. The workflow is understandable, but use it only after replacing shell-string command execution with safer argument-array execution such as spawn/execFile or after strict validation/escaping of sender addresses, message IDs, profiles, and folder IDs. Also confirm that forwarding full customer emails to the csbot and human mailbox matches your privacy notice and support-data handling requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The script forwards full customer messages, sender addresses, and analysis instructions to a separate AI mailbox without any built-in consent, notice, minimization, or policy checks. This can expose sensitive customer content to another processing system and recipient, creating privacy, compliance, and data-handling risks even if the feature is intentional.

Ssd 3

Medium
Confidence: 97%
Finding
The AI analysis request explicitly includes the customer's sender address and message body, and instructs the downstream agent to send a derived report to another recipient. This creates a direct data-sharing path for customer content and identifiers in plain language, increasing privacy exposure and the chance of unauthorized redistribution or mishandling.

VirusTotal

66/66 vendors flagged this skill as clean.
