medal-email-quote

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for email quote automation, but it needs Review because it can process all unread inbox mail, store full customer emails locally, send message text to external translation services, and mark emails as read automatically.

Install only for a dedicated inquiry mailbox or folder where every unread message may be archived, translated, and marked as read. Use an app password or secret manager, disable external translation unless approved, secure the email_storage directory, define retention/deletion rules, and test single-check mode before running the daemon.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The module imports and conditionally uses the unofficial googletrans client, which sends email contents to an external translation service. In an ecommerce email automation skill, customer inquiries may contain personal, commercial, or order-related data, so undisclosed third-party transmission creates a real data exposure and compliance risk even if the behavior is intended for functionality rather than abuse.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises automatic fetching, storage, translation, and marking emails as read, but does not clearly warn users that potentially sensitive customer communications will be copied to local storage and may be sent to third-party translation services. This creates privacy, compliance, and operational risk because users may enable the skill without understanding that confidential inquiry data and mailbox state will be modified automatically.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The README's workflow and example frame translation into Chinese as the default behavior without documenting user choice, locale constraints, or the privacy implications of sending email contents for translation. In an email-processing skill, this can lead to unintended disclosure of customer data and incorrect handling in multilingual environments where Chinese is not an appropriate or authorized target language.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises automatic retrieval, translation, local storage, and later marking inquiry emails as read, but it does not prominently warn that this processes potentially sensitive customer communications and changes mailbox state. In this skill context, the behavior is expected functionality, but the lack of clear disclosure and operator safeguards increases the risk of privacy violations, unintended retention of personal/business data, and accidental disruption of normal email workflows.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation language is broad enough to match ordinary email, translation, and quoting tasks, which increases the chance the skill is invoked in situations where users do not realize customer data will be processed, stored, or sent externally. Overbroad routing is especially risky here because the skill handles sensitive mailbox content and automates downstream actions.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill states that non-target-language email content may be translated via third-party APIs such as Google or DeepL, but omits a prominent warning that customer email contents may leave the local environment. This creates a real confidentiality and compliance risk because inquiries can contain personal, commercial, or regulated data that users may not expect to be transmitted to external processors.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill archives raw emails, extracted text, translated content, and generated quotes locally, but does not clearly warn users about this persistent storage. Local retention of customer communications increases the risk of unauthorized disclosure, excessive data retention, and accidental collection of sensitive information beyond what users intended.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
Defaulting translation to English without explicit user opt-in can cause customer communications to be transformed and potentially sent to external services automatically. In this context, the risk is not just preference mismatch but unconsented data processing that may affect privacy, regulatory obligations, and the accuracy of commercial responses.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code persists full raw emails and extracted text bodies to local storage, which can include sensitive customer data such as contact details, pricing requests, and business information. In an email automation skill, silent local retention increases privacy and data exposure risk, especially if storage permissions, retention, or encryption are not explicitly controlled.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow creates additional derived artifacts—translated content and quote files—that may duplicate or expand the spread of sensitive customer information on disk. This broadens the attack surface because one inbound email can result in multiple persisted files containing original and transformed customer data, potentially increasing accidental disclosure or unauthorized access.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
These functions persist raw emails, extracted text, translations, and generated quotes to disk without any visible access controls, encryption, retention limits, or data minimization. In the context of an ecommerce email automation skill, this creates a real confidentiality risk because customer messages may contain personal, commercial, or payment-related information that could be exposed through local filesystem compromise, backups, or overly broad file access.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The translate() path sends arbitrary email text to an external service with no notice, consent, or policy enforcement in this file. Because this skill processes customer inquiry emails, the transmitted text could include names, addresses, order details, or confidential business requests, making silent exfiltration to a third party materially dangerous.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=1.3.0
langdetect>=1.0.9
googletrans==4.0.0-rc1
Confidence
93% confidence
Finding
pandas>=1.3.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=1.3.0
langdetect>=1.0.9
googletrans==4.0.0-rc1
Confidence
92% confidence
Finding
langdetect>=1.0.9

VirusTotal

67/67 vendors flagged this skill as clean.
