ClawHub

Flexmail

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Flexmail integration, but it gives an agent broad live-account change capability without enough built-in guardrails.

Install only if you trust Membrane and want an agent to operate on your Flexmail account. Use a least-privileged or dedicated connection where possible, confirm every create/update/delete/unsubscribe/proxy request before it runs, verify resource IDs first, and revoke the Membrane/Flexmail connection when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The invocation description is very broad, which can cause the skill to be selected for generic Flexmail-related requests without clear boundaries around read-only versus state-changing operations. In a tool-using agent environment, overbroad routing increases the chance of unintended access to marketing data or accidental remote changes, especially because the skill exposes create, update, delete, unsubscribe, and proxy capabilities.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents state-changing actions and arbitrary proxy requests without an explicit warning or approval checkpoint for operations that can modify remote Flexmail data. This is dangerous in agentic contexts because a model may proceed from a loosely phrased request to destructive or privacy-impacting actions, such as changing contacts, webhooks, subscriptions, or calling unreviewed endpoints through the proxy.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal