ClawHub

Email Manager

Security checks across malware telemetry and agentic risk

Overview

This email-management skill is purpose-aligned, but it can automatically reorganize mail, persist sensitive email metadata, schedule recurring processing, and send email details through phone notifications without strong consent boundaries.

Install only if you are comfortable giving the skill broad control over an already-connected mailbox. Before enabling it, confirm which inboxes it may monitor, whether it may move messages automatically, how to undo spam or folder decisions, whether scheduled runs are enabled, and whether phone/Twilio notifications should be disabled or redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The file explicitly establishes persistent memory across runs and instructs the agent to maintain rolling histories such as a 90-day Sent-History Cache and 7-day notification logs. In an email-management skill, some state is expected, but this design expands retention beyond immediate task execution and can accumulate sensitive contact, communication, and behavioral metadata that may be accessed, overused, or retained without clear minimization controls.

Vague Triggers

High
Confidence
93% confidence
Finding
The trigger scope is extremely broad and explicitly instructs proactive activation for nearly any email-related mention. In a skill that can move emails, create folders, update persistent state, schedule recurring jobs, and potentially send notifications, this increases the chance of the skill being invoked without clear user intent and performing consequential actions automatically.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill describes automated scheduled processing that can reorganize a mailbox, create folders, update long-lived state, and send external alerts, but it does not prominently disclose these side effects up front. Users or orchestrators may invoke it expecting a passive inbox summary, while the skill can instead make persistent and recurring changes, creating a risk of unauthorized email handling, privacy exposure, or operational disruption.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The notifications workflow sends sender, subject, and summaries over SMS/WhatsApp/Twilio without an explicit privacy warning or consent boundary. Email metadata can contain sensitive personal, financial, legal, or workplace information, so forwarding it to another channel expands the exposure surface and may violate user expectations or compliance requirements.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal