Email Registration Scanner

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it asks for broad mailbox access and includes credential-handling and security-downgrade guidance that users should review carefully before installing.

Install only if you are comfortable granting temporary access to your mailbox to reconstruct account history. If you do:
  • Prefer OAuth or provider-scoped app passwords; avoid regular account passwords when possible.
  • Do not weaken email security settings to make the scan work.
  • Use plaintext IMAP only for a local Proton Bridge.
  • Scan the smallest set of accounts needed.
  • Delete any registration_scan JSON output files afterward.
  • Revoke temporary app passwords after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (10)

MCP Least Privilege

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to connect to mail providers over the network and write scan results to temporary files, yet it declares no permissions. That mismatch undermines user and platform trust boundaries: a highly sensitive mailbox-scanning skill can access credentials, account metadata, and registration history without explicit capability disclosure or consent gating at the permission layer.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes broad phrases such as 'show me all my accounts' and multilingual variants that could match ordinary conversation and invoke a very sensitive mailbox scan. Because the skill processes email accounts and registration history, accidental activation could lead to unexpected credential prompts, mailbox access, or disclosure of a user's service inventory.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description does not clearly warn, up front, that it will scan highly sensitive mailbox contents and infer a chronological list of all services the user has registered for. This can expose a detailed account inventory and behavioral history, so users may underestimate the privacy implications before invocation or consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide explicitly tells users to use their regular GMX/Web.de account passwords for IMAP access without a clear warning that these are primary credentials and should only be entered into a trusted, local integration. In a skill whose purpose is to scan inboxes across many providers, normalizing collection of full account passwords increases phishing-style risk and could lead to full mailbox compromise if users provide credentials to an untrusted workflow.

Missing User Warnings

High
Confidence
98% confidence
Finding
The Yahoo guidance recommends enabling 'less secure sign-in' (or similar legacy access) without a strong warning that this weakens account protections and may bypass stronger authentication controls. Encouraging users to downgrade mailbox security is especially dangerous in a skill that seeks broad inbox access, because compromise of email often enables password resets and takeover of many other services.

Missing User Warnings

High
Confidence
98% confidence
Finding
The AOL instructions similarly tell users to enable 'Allow apps that use less secure sign in' if access is blocked, which promotes reducing account security to accommodate the integration. Because the skill is designed to inventory registrations by reading historical emails, successful access exposes a large amount of sensitive personal data and can facilitate broader account takeover through email-based recovery flows.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The universal fallback queries are very broad: sender matches like `noreply` and subject terms like `welcome`, `confirm`, or `verify` can match large amounts of unrelated mail. In this skill’s context, that broad matching can cause substantial over-collection and misclassification of emails as registrations, exposing more inbox content and metadata than is necessary for the stated task.
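The over-collection described in this finding is easy to see on a handful of headers. The block below is an added example, not the skill's own code: it applies the broad fallback rule (sender contains `noreply`, or subject contains `welcome`, `confirm` or `verify`) and a narrower rule that requires both a no-reply style sender and a registration-specific subject, then builds the chronological (date, service domain) list the skill is meant to produce. The sample headers are constructed, and the regexes and the `HEADER_FETCH` spec are assumptions about what a registration mail looks like and what the scan actually needs to fetch.

```python
"""Narrowing the 'universal fallback' registration query.

Added example, not the scanner's own code. Sample headers are constructed;
the regexes are assumptions about what registration mail looks like.
"""
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample headers (no real mail). Only items 1 and 5 are
# registrations; 2 is a newsletter, 3 personal mail, 4 a login check on an
# existing account, 6 a forum notification.
SAMPLES = [
    "From: noreply@example-shop.test\nSubject: Welcome to ExampleShop, please confirm your email\n"
    "Date: Mon, 01 Jan 2024 10:00:00 +0000\n\n",
    "From: noreply@news.example-shop.test\nSubject: Welcome back! Our weekly deals\n"
    "Date: Tue, 02 Jan 2024 10:00:00 +0000\n\n",
    "From: alice@friends.test\nSubject: welcome home, see you at the party\n"
    "Date: Wed, 03 Jan 2024 10:00:00 +0000\n\n",
    "From: no-reply@bank.test\nSubject: Verify your login from a new device\n"
    "Date: Thu, 04 Jan 2024 10:00:00 +0000\n\n",
    "From: accounts-noreply@forum.test\nSubject: Confirm your registration\n"
    "Date: Thu, 15 Jun 2023 09:00:00 +0000\n\n",
    "From: noreply@forum.test\nSubject: Someone replied to your thread\n"
    "Date: Fri, 05 Jan 2024 10:00:00 +0000\n\n",
]

# Data minimisation: an IMAP FETCH spec that pulls only the three headers the
# classifier reads, never message bodies (assumed to be all the scan needs).
HEADER_FETCH = "(BODY.PEEK[HEADER.FIELDS (FROM SUBJECT DATE)])"

# The broad fallback rule as described in the finding.
BROAD_TERMS = ("welcome", "confirm", "verify")

# Narrow rule: a no-reply style local part AND a registration-specific subject.
NOREPLY_LOCAL = re.compile(r"^(?:[\w.-]*no-?reply|do-?not-?reply)$", re.I)
REGISTRATION_SUBJECT = re.compile(
    r"\b(?:welcome to\b|confirm your (?:email|registration|account)\b"
    r"|verify your (?:email|account)\b|activate your account\b"
    r"|your account (?:has been|was) created\b)",
    re.I,
)


def broad_match(msg):
    """Matches almost anything transactional: newsletters, alerts, personal mail."""
    sender = parseaddr(msg["From"])[1].lower()
    subject = (msg["Subject"] or "").lower()
    return "noreply" in sender or any(t in subject for t in BROAD_TERMS)


def narrow_match(msg):
    """Requires both signals, so a lone 'welcome' or a no-reply alert is not enough."""
    local = parseaddr(msg["From"])[1].lower().partition("@")[0]
    subject = msg["Subject"] or ""
    return bool(NOREPLY_LOCAL.match(local)) and bool(REGISTRATION_SUBJECT.search(subject))


def registrations(raw_messages, matcher):
    """Return (ISO date, sender domain) pairs in chronological order."""
    found = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        if matcher(msg):
            domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
            found.append((parsedate_to_datetime(msg["Date"]).date().isoformat(), domain))
    return sorted(found)


if __name__ == "__main__":
    print("broad :", registrations(SAMPLES, broad_match))
    print("narrow:", registrations(SAMPLES, narrow_match))
```

On these six constructed headers the broad rule flags every message, while the narrow rule keeps only the two genuine registrations; the same co-occurrence requirement can be pushed server-side into an IMAP SEARCH so that only candidate headers are ever fetched.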

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script accepts the IMAP password via a --password command-line argument, which exposes the credential through shell history, process listings, job-control logs, and other local monitoring mechanisms. In this skill's context the password grants access to the user's mailbox, so exposure is especially sensitive: it can enable broad account compromise and disclosure of highly personal registration and identity data.
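This finding and the Overview's advice (app passwords, plaintext IMAP only for a local Proton Bridge) both come down to how the scanner takes its credential and picks a transport. The block below is an added example, not the skill's own script: it keeps accepting `--password` only so it can refuse it with a clear message, reads the secret from a mode-0600 file, the environment, or an interactive prompt, and allows an unencrypted IMAP connection only when the host is a loopback address. The `IMAP_PASSWORD` variable name, the `--password-file` flag and the `transport_for()` policy are assumptions; the IMAP calls use the standard-library `imaplib` and `ssl` modules.

```python
"""Credential handling for an IMAP scanner: password off the command line,
plaintext IMAP only to a loopback Proton Bridge.

Added example, not the scanner's own code. IMAP_PASSWORD, --password-file
and the transport_for() policy are assumptions.
"""
import argparse
import imaplib
import ipaddress
import os
import ssl
import stat
from getpass import getpass

PASSWORD_ENV = "IMAP_PASSWORD"   # assumed variable name


def parse_args(argv):
    p = argparse.ArgumentParser(description="scan a mailbox for registration mail")
    p.add_argument("--host", required=True)
    p.add_argument("--port", type=int, default=993)
    p.add_argument("--user", required=True)
    # Still parsed (hidden from --help) so the refusal below is explicit
    # rather than argparse's generic "unrecognized arguments".
    p.add_argument("--password", help=argparse.SUPPRESS)
    p.add_argument("--password-file", dest="password_file",
                   help="file containing only the app password (mode 0600)")
    return p.parse_args(argv)


def is_private_mode(mode):
    """True when the file mode grants no group/other permission bits."""
    return (stat.S_IMODE(mode) & 0o077) == 0


def read_password_file(path):
    if os.name != "nt" and not is_private_mode(os.stat(path).st_mode):
        raise SystemExit(f"{path} is readable by group/other; chmod 600 it first")
    with open(path, encoding="utf-8") as f:
        return f.readline().rstrip("\r\n")


def resolve_password(args, environ, prompt=getpass):
    """Pick the password source, refusing argv outright."""
    if args.password is not None:
        raise SystemExit("refusing --password: argv is recorded in shell history "
                         "and visible to other local users via ps and "
                         f"/proc/<pid>/cmdline; use --password-file, ${PASSWORD_ENV} "
                         "or the interactive prompt")
    if args.password_file:
        return read_password_file(args.password_file)
    # pop() so child processes spawned later do not inherit the secret
    secret = environ.pop(PASSWORD_ENV, None)
    if secret:
        return secret
    return prompt("IMAP app password: ")


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:        # a DNS name, not an address literal
        return False


def transport_for(host, port):
    """993 is implicit TLS; plaintext is allowed only on loopback (Proton
    Bridge listens on 127.0.0.1); any other remote port must STARTTLS."""
    if port == 993:
        return "tls"
    if is_loopback(host):
        return "plaintext"
    return "starttls"


def connect(host, port, user, password):
    ctx = ssl.create_default_context()    # verifies the server certificate
    mode = transport_for(host, port)
    if mode == "tls":
        conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    else:
        conn = imaplib.IMAP4(host, port)
        if mode == "starttls":
            conn.starttls(ctx)            # raises if the server lacks STARTTLS
    conn.login(user, password)
    return conn


if __name__ == "__main__":
    import sys
    a = parse_args(sys.argv[1:])
    pw = resolve_password(a, os.environ)
    with connect(a.host, a.port, a.user, pw) as m:
        print(m.select("INBOX", readonly=True))   # read-only: the scan never writes
```

Popping the variable out of `os.environ` matters because the skill later writes JSON output and may shell out; anything it spawns would otherwise inherit the mailbox credential. Selecting the mailbox read-only is a cheap guard against an agent accidentally flagging or deleting mail during the scan.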

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest description advertises broad email-account scanning behavior without narrowly defining when it should activate or what constraints apply. In a skill that inspects inbox contents to infer all user registrations, vague activation language increases the chance of overbroad invocation and unintended access to highly sensitive personal data.

Missing User Warnings

High
Confidence
97% confidence
Finding
The manifest states that the skill scans email accounts for registration, welcome, and confirmation emails, which necessarily involves processing sensitive mailbox content, but it provides no warning, consent language, or privacy disclosure. Because this skill aims to reconstruct a chronological list of all services a user has ever joined, the context materially raises the risk of privacy invasion, excessive data collection, and exposure of a comprehensive account inventory useful for profiling or follow-on attacks.

VirusTotal

65/65 vendors flagged this skill as clean.
