Email Sender

Security checks across malware telemetry and agentic risk

Overview

The skill's behavior is consistent with email automation, but it gives an agent broad ability to send files, read mailbox contents, and run auto-replies without clear approval or safety limits.

Review before installing. Use a dedicated, revocable QQ Mail authorization code, confirm every recipient and attachment before sending, avoid sending secrets or broad local file paths, and only enable scheduled checks or auto-replies with explicit rules and a clear way to stop them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 91% confidence
Finding
The skill explicitly enables outbound email and inbound mailbox access, including attachments, but provides no warning that using it transmits data to external systems and may expose message contents or files to unintended recipients or third-party mail infrastructure. In an agent setting, this is dangerous because automated workflows can exfiltrate sensitive data, credentials, reports, or local files without meaningful user awareness or recipient verification.

Missing User Warnings

Medium, 94% confidence
Finding
The use cases encourage automatic emailing of task outputs, reports, and file attachments, but omit privacy checks, recipient verification, and sensitive-data review. In the context of an AI agent skill, examples strongly influence implementation behavior, so these patterns can normalize unattended external sharing and increase the likelihood of accidental data leakage or unauthorized file transmission.

VirusTotal

66/66 vendors flagged this skill as clean.
