ClawHub

imap-smtp-email

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed email tool that needs sensitive mailbox access, but the reviewed behavior matches its stated IMAP/SMTP purpose.

Install only if you are comfortable giving this skill access to the selected email account. Prefer app passwords or authorization codes, keep allowed read/write directories narrow, expect setup or smtp test to send a real email to yourself, and verify recipients, mailbox targets, and attachment paths before running send or state-changing commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documented commands can send email externally, change message read/unread state, and download attachments to disk, but the documentation does not prominently warn that these actions affect real user data and may transmit content outside the system. In this context, the omission matters because email is highly sensitive and these operations can cause data leakage, unintended communication, or destructive state changes if invoked without clear user awareness or confirmation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The `test` command performs a real `sendMail()` to the configured account rather than a non-delivering connectivity check, and there is no explicit confirmation or warning at the moment of use. In an agent/tooling context, invoking a seemingly harmless 'test' operation can generate unintended outbound email, which may surprise users, create audit noise, or be abused for unauthorized message transmission if the command is triggered automatically.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal