Agent Mail

Security checks across malware telemetry and agentic risk

Overview

This is a coherent email assistant, but it needs review because it can use a preconfigured mail account/API for sensitive mailbox actions without enough scoping, ownership, confirmation, or retention detail.

Install only if you trust the configured AgentMail account and understand that the agent may access inbox contents, send messages, process attachments, and store email data locally. Before using it with confidential mail, verify who owns fhbillwer@agentmail.to, what the configured API key can do, and how stored email data can be reviewed or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium, 91% confidence
Finding
The trigger list contains very broad terms such as “邮件”, “email”, and “mail”, which are likely to match ordinary user conversation and cause the skill to activate unexpectedly. In a mail-handling skill, accidental activation is risky because it may expose inbox contents, compose/send messages, or process sensitive email data without sufficiently clear user intent.

Missing User Warnings

High, 95% confidence
Finding
The skill advertises sending and receiving email, mailbox management, attachment handling, and conversation management via an external AgentMail API, but it does not warn users that message bodies, recipient addresses, and attachments will be transmitted to a third-party service. This is dangerous because users may provide sensitive personal, business, or regulated information without informed consent, increasing privacy, compliance, and data exposure risks.

Missing User Warnings

Medium, 93% confidence
Finding
The skill explicitly states that email data is stored persistently in `/workspace/data/emails/` but provides no warning about retention period, access scope, or the sensitivity of stored messages and attachments. Because email commonly contains credentials, personal data, and confidential documents, silent local persistence increases the risk of unintended disclosure, over-retention, and secondary access by other components or users on the system.

VirusTotal

63/63 vendors flagged this skill as clean.
