139mail (unofficial)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent third-party 139.com mail skill, but it needs Review because it handles mailbox credentials and can change or delete mail with weak transport and safety controls.

Install only if you are comfortable giving an unofficial third-party skill access to your 139.com mailbox. Use a dedicated authorization code, avoid untrusted networks, do not let an agent send/delete/move mail without explicit confirmation, and revoke the authorization code plus delete config/139mail.conf when you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence

Medium, 96% confidence
The documentation claims the authorization code is only stored locally and not uploaded to any external server, which is inaccurate because IMAP/SMTP authentication necessarily transmits the credential to remote 139 mail servers. This can mislead users about the real data flow and trust boundary, causing them to underestimate credential exposure and network risk, especially given the documented use of weakened TLS compatibility.

Intent-Code Divergence

Medium, 96% confidence
The script is presented as a mail-viewing utility, but it performs a state-changing action by marking the message as read after displaying it. In an email workflow, changing read/unread state can alter evidence, hide unread items, interfere with triage, and violate user expectations for a supposedly read-only operation.

Vague Triggers

Medium, 83% confidence
The trigger phrases include broad everyday expressions such as '查看139邮箱' ("check the 139 mailbox") and '有没有新邮件' ("are there any new emails"), which increases the chance of accidental or overly broad activation. In a skill that reads, searches, sends, deletes, and moves email, unintended triggering can expose sensitive mailbox contents or cause unauthorized mail actions in response to ambiguous user requests.

Missing User Warnings

Medium, 92% confidence
The guide includes example IMAP operations that permanently delete messages via delete_messages() followed by expunge(), and also demonstrates move-by-copy-then-delete behavior without an explicit warning that the action is destructive. In documentation intended for operational use, readers may copy these snippets directly, causing unintended irreversible data loss, especially because IMAP deletion semantics are not obvious to beginners.

Missing User Warnings

Medium, 94% confidence
The script automatically performs a real IMAP login using stored credentials during an environment check, without explicit user consent at runtime. In this skill context, that is more dangerous because a user may expect a local diagnostic only, but the script silently initiates network activity and transmits credentials, increasing the risk of unintended account access attempts, auditing side effects, or credential exposure through unsafe TLS settings.

Missing User Warnings

Medium, 95% confidence
The script persists sensitive email credentials, including the password or authorization code, in a local JSON config file in plaintext. If the host is multi-user, backed up insecurely, checked into source control, or accessed by malware or another local account, those credentials can be recovered and used to access the mailbox and potentially linked services.

Missing User Warnings

Medium, 94% confidence
The script permanently deletes email immediately when --permanent-delete is provided, without any confirmation prompt, dry-run output, folder validation, or warning about irreversibility. In a mail-management skill, this creates a real safety issue because a mistyped message ID or automation error can cause irreversible data loss.

Missing User Warnings

Medium, 94% confidence
The script implements a destructive move by copying a message to another folder and then immediately deleting and expunging it from INBOX without any confirmation, dry-run mode, or rollback check. In an agent or automation context, a wrong message ID, wrong target folder, or unexpected IMAP behavior can cause unintended message loss or irreversible mailbox modification.

Missing User Warnings

Medium, 98% confidence
The script logs into a remote mailbox using stored credentials and accesses mailbox metadata, but more importantly it creates an unverified TLS context with ssl._create_unverified_context() and lowers cipher security with DEFAULT@SECLEVEL=1. This disables certificate validation and weakens transport protections, allowing a man-in-the-middle attacker to intercept credentials and mailbox data if the network path is compromised; in this mail-search context, that makes the issue more dangerous because it directly handles sensitive email account access.

Missing User Warnings

Medium, 98% confidence
The code marks the email as read without prior warning or confirmation, which creates an unexpected side effect from a simple view operation. This can cause users or downstream automation to miss unread mail, disrupt auditing of mailbox state, and lead to accidental modification of account data.

VirusTotal

66/66 vendors flagged this skill as clean.