Getemails

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real GetEmails/Membrane integration, but it needs review because its broad trigger wording and raw authenticated proxy access could send contact data or make API changes beyond what users expect.

Install only if you intend to use Membrane with GetEmails for lead email discovery or verification. Confirm the service account and domain before connecting, avoid using it for general inbox/contact/label management, and require explicit approval before any raw proxy request, especially requests that create, update, delete, or transmit personal or business contact data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The manifest says the skill manages Emails, Contacts, and Labels, but the actual content focuses on lead-email discovery/verification and also exposes direct proxy access to the GetEmails API. This mismatch can cause the agent to invoke the skill in contexts the user did not intend, increasing the chance of unnecessary external data disclosure or overbroad operations.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The generic proxy feature allows arbitrary HTTP methods to arbitrary GetEmails API endpoints, which materially expands the skill beyond its stated purpose and bypasses the safety of constrained pre-built actions. In an agent setting, this can enable unintended data access, modification, or exfiltration if the model constructs broad or unsafe requests from ambiguous prompts.

Vague Triggers

Medium
Confidence: 90%
Finding
The invocation description is broad enough that the agent may match this skill for generic email-related tasks, even though the skill actually routes data to an external lead-enrichment service. That increases the risk of sending user or contact data to a third party when the user may have intended local email handling or another integration.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill lacks an explicit warning that names, company domains, email addresses, and related lead/contact data may be transmitted to an external service. In practice, this reduces informed consent and increases privacy/compliance risk because users may not realize their data is leaving the local environment.

VirusTotal

65/65 vendors flagged this skill as clean.
