
Security audit

send-email

Security checks across malware telemetry and agentic risk

Overview

The main email sender is purpose-aligned, but the package also includes an alternate executable mail script that can use local mail profiles outside the documented credential path.

Install only if you are comfortable granting the skill authority to send email and optional local file attachments through your configured account. Prefer the documented Python script path, verify recipients and attachments before sending, and consider removing or ignoring send_email.sh unless the publisher documents the msmtp/.msmtprc behavior clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill description says it sends email via SMTP, but the implementation also accepts an arbitrary local attachment path and reads that file from disk before sending it out. In an agent context, this materially expands capability from simple messaging to potential local file exfiltration, especially if an untrusted prompt or workflow can influence the attachment path.

Missing User Warnings

Medium
Confidence: 90%
Finding
This script can transmit arbitrary message bodies and local file attachments to external recipients with no confirmation, allowlist, or visibility control. In an agent context, that creates a clear data exfiltration path: if the skill is invoked with sensitive content or file paths, it will send them externally using configured mail credentials.

Missing User Warnings

Low
Confidence: 81%
Finding
The script is designed to use preconfigured msmtp accounts, including entries from ~/.msmtprc, but does not clearly warn that credentialed external email accounts will be used. In an agent setting, this can surprise users and enable unintended outbound communication under their identity or organization account.

VirusTotal

66/66 vendors flagged this skill as clean.
