Director Email Setup

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it sets up a powerful autonomous email inbox with full email-provider credentials and weakly scoped access controls.

Install only if you intentionally want an agent-operated email address. Before using it, add authentication to the inbox read and ack endpoints, limit the Resend API key where possible, store secrets in a real secrets manager, restrict who can read mail/inbox and mail.log, and make the cron monitor explicit, reversible, and easy to disable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The 'Use when' description includes broad conditions like 'agent needs its own email identity' and 'agent needs to autonomously handle email verification flows' without clear boundaries on when this setup skill should be invoked versus ordinary email sending or inbox-reading tasks. In a manifest/markdown context, this ambiguity can cause unintended invocation for many common agent-email scenarios.

External Transmission

Medium
Category
Data Exfiltration
Content
```js
async function sendEmail(to, subject, text, html) {
  const res = await fetch('https://api.resend.com/emails', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${RESEND_API_KEY}`,
```
Confidence
60% confidence
Finding
fetch('https://api.resend.com/emails', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
RESEND_KEY="re_xxxxx"

# Add domain
curl -s -X POST -H "Authorization: Bearer $RESEND_KEY" \
  -H "Content-Type: application/json" \
  https://api.resend.com/domains \
  -d '{"name": "yourdomain.com", "region": "us-east-1"}'
Confidence
60% confidence
Finding
curl -s -X POST -H "Authorization: Bearer $RESEND_KEY" \ -H "Content-Type: application/json" \ https://api.resend.com/domains \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
## Step 3: Register Webhook on Resend

```bash
curl -s -X POST -H "Authorization: Bearer $RESEND_KEY" \
  -H "Content-Type: application/json" \
  https://api.resend.com/webhooks \
  -d '{
```
Confidence
60% confidence
Finding
curl -s -X POST -H "Authorization: Bearer $RESEND_KEY" \ -H "Content-Type: application/json" \ https://api.resend.com/webhooks \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
**Send a test email:**
```bash
curl -s -X POST -H "Authorization: Bearer $RESEND_KEY" \
  -H "Content-Type: application/json" \
  https://api.resend.com/emails \
  -d '{
```
Confidence
60% confidence
Finding
curl -s -X POST -H "Authorization: Bearer $RESEND_KEY" \ -H "Content-Type: application/json" \ https://api.resend.com/emails \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# Add domain
curl -s -X POST -H "Authorization: Bearer $RESEND_KEY" \
  -H "Content-Type: application/json" \
  https://api.resend.com/domains \
  -d '{"name": "yourdomain.com", "region": "us-east-1"}'

# Get DNS records to configure
Confidence
50% confidence
Finding
https://api.resend.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Get DNS records to configure
curl -s -H "Authorization: Bearer $RESEND_KEY" \
  https://api.resend.com/domains/yourdomain.com | jq '.records'
```

Add the returned DNS records (TXT, MX, CNAME) to your DNS provider. Wait for verification (usually minutes).
Confidence
50% confidence
Finding
https://api.resend.com/

External Transmission

Medium
Category
Data Exfiltration
Content
**Verify status:**
```bash
curl -s -H "Authorization: Bearer $RESEND_KEY" \
  https://api.resend.com/domains/yourdomain.com | jq '{status, capabilities}'
```

Both `sending` and `receiving` must be `"enabled"`.
Confidence
50% confidence
Finding
https://api.resend.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s -X POST -H "Authorization: Bearer $RESEND_KEY" \
  -H "Content-Type: application/json" \
  https://api.resend.com/webhooks \
  -d '{
    "endpoint": "https://yourdomain.com/api/inbound-email",
    "events": ["email.received"],
```
Confidence
50% confidence
Finding
https://api.resend.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s -X POST -H "Authorization: Bearer $RESEND_KEY" \
  -H "Content-Type: application/json" \
  https://api.resend.com/emails \
  -d '{
    "from": "Agent <agent@yourdomain.com>",
    "to": ["owner@theirdomain.com"],
```
Confidence
50% confidence
Finding
https://api.resend.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```js
async function sendEmail(to, subject, text, html) {
  const res = await fetch('https://api.resend.com/emails', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${RESEND_API_KEY}`,
```
Confidence
50% confidence
Finding
https://api.resend.com/

Session Persistence

Medium
Category
Rogue Agent
Content
## Step 6: Set Up Inbox Monitoring Cron

Create a cron job that checks for new emails every 5 minutes and notifies the agent:

```
Every 5 min → Check mail/inbox/ for new .json files
```
Confidence
80% confidence
Finding
Create a cron job that

VirusTotal

63/63 vendors flagged this skill as clean.
