ClawHub

Gmail Assistant

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Gmail assistant, but its AI script handles email text unsafely enough that a crafted email could run local code when AI features are used.

Do not use the AI commands on real mail until the script safely JSON-encodes email content without code interpolation. If you install it anyway, use a dedicated Gmail account, confirm every send/reply/archive/trash action, protect and revoke OAuth tokens when done, and avoid EvoLink AI features for sensitive email.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (20)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents shell execution, file writes, and network access but does not declare corresponding permissions. That creates a transparency and consent gap: users or a hosting platform may authorize the skill without understanding it will store OAuth tokens locally and contact external services, including an optional third-party AI API. In a credential-handling Gmail integration, undeclared capabilities materially increase risk because the skill can access sensitive email data and persist authentication state.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README advertises AI summarization, reply drafting, and prioritization via EvoLink/Claude, which strongly implies user email content may be sent to a third-party service. Failing to clearly disclose that mailbox contents, message bodies, headers, and prompts may leave the local environment creates a meaningful privacy and data-handling risk, especially for sensitive corporate or personal email.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The usage section documents destructive and state-changing commands such as send, reply, label changes, archive, and trash without a prominent warning that these operations modify live mailbox data. Users may treat README examples as low-risk demonstrations and unintentionally send messages, change message state, or delete content in a real account.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
El README promociona funciones de IA para resumir, redactar respuestas y priorizar correos usando Claude a través de EvoLink, pero no advierte claramente que el contenido de los emails puede transmitirse a un servicio externo. En un skill con acceso completo a Gmail, esta omisión puede llevar a exposición inadvertida de datos sensibles, personales o corporativos.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
El README documenta acciones destructivas como archivar, mover a papelera y modificar etiquetas sin advertir de forma visible que estas operaciones alteran el estado del buzón y pueden provocar pérdida de acceso o borrado accidental. En una integración con permisos amplios sobre Gmail, esto aumenta el riesgo de acciones no intencionales por parte del usuario o del agente.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Le README documente des commandes destructives Gmail comme l'archivage et la suppression sans avertissement explicite sur leurs effets ni sur le caractere potentiellement irreversible de certaines actions. Dans un skill qui agit directement sur une boite mail reelle, cette absence de garde-fous augmente le risque d'erreurs utilisateur ou d'usage imprudent menant a une perte de donnees ou a une mauvaise gestion des messages.

Missing User Warnings

High
Confidence
98% confidence
Finding
Le README presente les fonctions IA de resume, redaction et priorisation sans signaler clairement que le contenu des emails, potentiellement sensible, sera transmis a un service tiers EvoLink/Claude. Dans le contexte d'un assistant Gmail, cela expose potentiellement des donnees personnelles, professionnelles ou confidentielles a un traitement externe sans consentement eclaire ni description des limites de confidentialite.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises AI summarization, drafting, and prioritization via EvoLink/Claude but does not clearly warn that email contents and metadata may be transmitted to a third-party AI provider for processing. Because Gmail data is highly sensitive, users may unknowingly expose private or regulated information outside Google and the local environment.

Missing User Warnings

Low
Confidence
75% confidence
Finding
The documented commands include mailbox-modifying actions such as star, archive, and trash without any caution that they change live Gmail state. This increases the chance of accidental destructive actions by users or downstream agents operating from the README examples.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises AI summarization, reply drafting, and prioritization via EvoLink but does not clearly warn that email bodies, metadata, and possibly sensitive content may be transmitted to a third-party service for processing. In a Gmail-integrated skill, this omission is security-relevant because users may enable AI features without understanding the privacy and data-handling implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises AI summarization, drafting, and prioritization of Gmail content via EvoLink/Claude but does not clearly warn that email bodies, subjects, metadata, and prompts may be transmitted to a third-party AI service. In a Gmail-integrated skill, this omission is security-relevant because users may unknowingly expose sensitive mailbox content to an external processor.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The README documents state-changing mailbox operations such as star, archive, and trash without an explicit caution that these commands modify or delete mailbox state. While these are intended features, the lack of warning increases the chance of accidental destructive actions by users or agents operating the skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises AI summarization, draft generation, and prioritization via EvoLink but does not explicitly warn that email bodies, metadata, and potentially sensitive business or personal content may be sent to a third-party service for processing. In an email skill, this omission is material because users may assume processing is local or limited to Gmail, leading to unintended disclosure of confidential communications.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that AI features summarize, draft, and prioritize Gmail content via EvoLink, but it does not explicitly warn users that email bodies, metadata, and potentially sensitive business or personal information may be transmitted to a third-party service. In a Gmail-integrated skill, this omission is security-relevant because users may reasonably assume processing is local or limited to Gmail only, leading to unintended disclosure of confidential content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
README states that AI features summarize, draft, and prioritize Gmail content via EvoLink/Claude, but it does not clearly warn users that email bodies, metadata, and possibly sensitive correspondence may be transmitted to a third-party AI service for processing. In a Gmail integration, this omission is security-relevant because users may enable AI features without understanding the privacy and data-handling implications.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README advertises commands that can send, archive, trash, and otherwise modify mailbox state, but it does not include any warning that these are destructive or externally visible actions. In an agent skill context, where commands may be invoked automatically or by less experienced users, missing confirmation and safety guidance increases the risk of accidental email deletion, unintended replies, or unauthorized changes to account state.

Missing User Warnings

High
Confidence
98% confidence
Finding
The ai-summary workflow collects message headers and body content from the user's mailbox and sends that data to Evolink's external API for LLM processing without any explicit warning, consent gate, or data-minimization control. In an email skill, mailbox contents routinely contain highly sensitive personal, financial, legal, and business data, so silent third-party transmission materially increases privacy and data-exposure risk.

Missing User Warnings

High
Confidence
99% confidence
Finding
The ai-reply command sends the original email body, headers, and user prompt to a third-party AI service, again without a clear privacy notice or confirmation step. This is particularly risky because reply drafting is likely to be used on sensitive inbound mail, and the prompt may add even more confidential context before external transmission.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The ai-prioritize feature exports email metadata such as sender, subject, date, and labels to an external LLM service without a clear warning. Although this is less severe than full-body disclosure, metadata alone can still reveal sensitive relationships, topics, workflow state, and internal operational details.

Ssd 3

High
Confidence
98% confidence
Finding
These AI features transmit full email content and headers into a plain-language LLM workflow, which meaningfully broadens exposure of sensitive mailbox data beyond Gmail itself. Because the skill is specifically designed to process real user emails, the context makes this more dangerous, not less: the transferred data is likely authentic, sensitive, and user-identifying.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal