AgentMail MCP CLI

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed AgentMail email-management skill, with normal email privacy and sending risks but no evidence of hidden or malicious behavior.

Install only if you trust AgentMail and the npm CLI package. Use a dedicated AgentMail API key where possible, prefer the AGENTMAIL_API_KEY environment variable over command-line keys, avoid logging message bodies or attachment URLs, and require human approval before sending, forwarding, reply-all, auto-replying, or deleting inboxes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly documents commands for sending, replying to, and forwarding email, which transmit message bodies, recipients, and potentially thread context to external parties, but it does not warn users that these actions cause outbound disclosure. In an agent setting, this omission is risky because an LLM or operator may treat these as routine content-manipulation operations rather than externally visible communications, increasing the chance of unintended data exfiltration or misdirected messages.

Missing User Warnings

Medium
Confidence: 84%
Finding
The attachment retrieval documentation describes obtaining attachment details and download URLs without warning that attachments and presigned URLs may expose sensitive files, personal data, or confidential business information. In an AI-agent workflow, users may fetch or pass along attachment URLs automatically, which can extend access to sensitive material beyond the intended recipient or system boundary.

VirusTotal

66/66 vendors flagged this skill as clean.
