Domani - domains & emails for lobsters

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Domani domain and email management helper, but it gives an agent broad account, DNS, billing, token, and email authority with incomplete confirmation guidance for several sensitive actions.

Install only if you want an agent to manage your Domani account. Use a least-privilege token where possible, keep the token private, and require explicit confirmation before charges, DNS or nameserver changes, domain transfers or renewals, mailbox deletion, email forwarding, inbound webhooks, token changes, or account deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium, 89% confidence
Finding
The skill instructs the agent to read a local credential file and persist API tokens for reuse without prominent warnings, minimization guidance, or consent boundaries. That creates a real risk of credential overreach, unintended reuse across tasks, and disclosure or misuse of a long-lived bearer token that can perform purchases, email access, and account changes.

Missing User Warnings

Medium, 91% confidence
Finding
The skill enables reading inboxes, sending mail, replying, forwarding, and deletion with no up-front privacy and data-impact warning. Because email content is highly sensitive, these actions can expose private communications, impersonate the user, or destroy records if invoked too broadly or without clear consent.

Missing User Warnings

Medium, 85% confidence
Finding
Forwarding all inbound email to a personal address can expose sensitive business or user communications to an external mailbox outside the intended security boundary. In the context of an agent skill that may process domains and mailboxes for users, normalizing this pattern without privacy warnings increases the risk of inadvertent data leakage and policy noncompliance.

Missing User Warnings

Medium, 90% confidence
Finding
Configuring an inbound email webhook sends message contents to an external endpoint, potentially including sensitive text, headers, and attachments. Without a warning about external transmission, authentication, and secure handling, users may unknowingly exfiltrate private data to an untrusted or improperly secured service.

Missing User Warnings

Medium, 90% confidence
Finding
The recipes instruct the agent to perform live domain registration, DNS updates, transfers, and email-routing changes 'exactly' without any embedded warning to confirm ownership, production impact, or user approval for actions that can incur charges or break existing services. In this skill context, the omission is more dangerous because the documented workflows target high-impact infrastructure operations where a mistaken or overly eager agent could disrupt websites/email or purchase domains unintentionally.

Missing User Warnings

Medium, 90% confidence
Finding
The DNS auto-migration section states that the service snapshots and restores DNS records using CT logs, SPF, MX/DKIM inference, and a common wordlist, but it does not clearly warn users that this involves broad enumeration and reconstruction of potentially sensitive infrastructure metadata. In a domain-management skill, that omission is security-relevant because users may unknowingly authorize collection and replay of records for subdomains or services they did not intend to expose or recreate, increasing the risk of privacy leakage, misconfiguration, or accidental restoration of stale records.

Ssd 3

Medium, 93% confidence
Finding
The skill explicitly directs the agent to read a local config file containing a bearer token and then reuse it for authenticated API calls. In this context, the token grants access to powerful account capabilities including domain purchases, email operations, token management, and billing-related actions, so silent credential harvesting/reuse materially increases account takeover and unauthorized action risk.

VirusTotal

66/66 vendors flagged this skill as clean.