Inbox Triage Bot

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide the promised email and calendar triage, but it handles sensitive inbox/calendar data on a recurring schedule without enough privacy, storage, and token-handling disclosure.

Review before installing. Use only with accounts whose email and calendar contents you are comfortable processing, verify the Google OAuth scopes and token location, disable or restrict AI/external summarization if needed, and store any generated digest in a protected path with limited retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly fetches and classifies inbox emails and calendar events, which are highly sensitive data sources, but the documentation provides no privacy notice, data-handling warning, or explanation of where message content may be sent for processing. In this context, users could enable AI classification or external backends without understanding that private mailbox contents, metadata, and calendar details may be exposed to local files, third-party APIs, or logs.

Missing User Warnings

Medium
Confidence: 95%
Finding
The Google API/OAuth setup instructs users to configure credentials and run OAuth flows, but does not warn that mailbox data and tokens may be transmitted to Google and potentially to optional AI classification services. Because this skill handles email content, the absence of disclosure about external transmission and credential sensitivity increases the risk of inadvertent exposure of private communications and long-lived access tokens.

Missing User Warnings

Medium
Confidence: 97%
Finding
The cron example appends daily triage output to a markdown file in the user's home directory without warning that the report may contain sensitive email subjects, message summaries, recommended actions, or calendar details. Persistently storing this data on disk can create a secondary cache of confidential communications that may be readable by other local users, backups, sync tools, or incident responders long after the original emails are deleted.

VirusTotal

VirusTotal findings are pending for this skill version.
