ClawHub

Flashrev Mailer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed FlashRev email-outreach helper with sensitive but purpose-aligned controls for sending, replies, and campaign management.

Install only if you intend to let an agent assist with real FlashRev outreach. Review recipients, sender mailbox, drafts, schedule, and any AI auto-reply prompt yourself before approving live actions, and keep the .flashrev workspace on a trusted machine because it may contain campaign, profile, and inbox metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description uses very broad activation criteria around email, outreach, follow-up, and reply handling, which could cause an agent to invoke this high-impact skill in ordinary email contexts without sufficient narrowing. Because this skill can ultimately send real outbound mail and alter campaign state, overbroad triggering increases the chance of accidental use in sensitive or unrelated workflows.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The skill enables implicit invocation with no narrowly defined trigger constraints, so an agent may activate email-outreach capabilities in situations where the user did not clearly intend to use this tool. Because this skill can build campaigns, triage replies, and prepare actions related to live sending, over-broad auto-activation increases the risk of unintended outreach workflows, privacy exposure, or user-confirmation bypass through agent misinterpretation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal