ClawHub

Email Sender

Security checks across malware telemetry and agentic risk

Overview

The skill sends email as advertised, but it includes a hardcoded Gmail app password and can email arbitrary local file attachments, so it needs careful review before installation.

Install only if you understand that this skill can send email through the bundled Gmail account and attach any file path the agent is allowed to read. Prefer a version that removes the hardcoded password, uses your own securely stored credentials, confirms recipient/body/attachments before every send, and limits attachments to approved workspace paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The usage trigger is broad enough to activate for common requests involving reports, logs, or files, which increases the chance the skill is selected in situations where sensitive data may be emailed without sufficiently explicit user intent. In an email-sending skill, overbroad routing is dangerous because it can turn routine document-handling requests into outbound data transmission actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes sending emails and optional file attachments over SMTP but does not clearly warn that this transmits potentially sensitive data outside the system boundary. Without an explicit warning or consent checkpoint, users or calling agents may send confidential files, logs, or reports externally without appreciating the privacy and security implications.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This function can send arbitrary emails and attach arbitrary local files without any user confirmation, approval step, recipient allowlisting, or audit controls. In this specific skill, the risk is amplified by the presence of hardcoded Gmail credentials, which makes the email-sending capability immediately usable for data exfiltration, spam, or unauthorized outbound communication if invoked by an agent or attacker-controlled input.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The tool description, 'Send an email with optional attachment using SMTP,' is broad and does not define when the agent is allowed to use it, what recipients are permitted, or what files may be attached. In an agent setting, this can enable unintended outbound communication or exfiltration of sensitive local files via the unrestricted absolute attachment_path parameter if the model is prompted or manipulated into calling the tool.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal