Email Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill manages a real mailbox, exposes a mailbox credential, and can permanently delete email, so it needs careful review before installation.

Do not install or run this unless you own or are explicitly authorized to manage the named mailbox. The exposed authorization code should be revoked and replaced, credentials should be supplied securely at runtime, and deletion should require an exact message preview, verified backup, and explicit approval before any expunge operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The skill claims deletion must wait for explicit user confirmation, but the documented workflow exposes a directly runnable destructive command guarded only by a local `--confirm` flag. In practice, an agent or operator could execute deletion without any verifiable linkage to a real user approval, creating a gap between policy and technical enforcement for irreversible mailbox operations.

Intent-Code Divergence

High
Confidence: 97%
Finding
The helper function is documented as performing selective deletion by category, but it returns all candidate delete_uids without enforcing the requested category filter. In a mailbox-deletion skill, this mismatch is dangerous because callers may rely on the function name and docstring and unintentionally delete a much broader set of emails than the user approved, causing irreversible data loss.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script is labeled as an email analysis tool, but it also exposes backup and permanent-delete workflows over email data. That mismatch increases the chance that a user or supervising agent invokes destructive actions under the assumption the skill is read-only, which is especially risky because the same wrapper makes deletion easily reachable after analysis.

Missing User Warnings

High
Confidence: 99%
Finding
The document embeds a live-looking mailbox account and authorization code together with operational instructions for IMAP access and permanent deletion. This is a direct secret exposure and enables unauthorized access, privacy violations, mailbox manipulation, and destructive actions against a real email account; the surrounding language that this is the 'only legal way' increases suspicion rather than reducing risk.

VirusTotal

64/64 vendors flagged this skill as clean.
