Pakat Email Marketing

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Pakat email-marketing integration, but it exposes account creation and live email-sending powers without enough scoping or confirmation guidance.

Install only if you intentionally want an agent to operate your Pakat account. Store PAKAT_API_KEY securely, restrict it if Pakat supports scoped keys, and require explicit confirmation before sending or scheduling email, deleting resources, unsubscribing contacts, importing subscriber data, or creating customer accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is described as managing Pakat email marketing resources, but the OpenAPI spec also exposes POST /customers for creating customer accounts. That expands the authority of the skill beyond the stated purpose and can let a user or prompt trigger account provisioning actions that were not reasonably implied by the manifest, increasing the risk of unauthorized account creation and scope confusion.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Customer account creation is not justified by a skill whose stated function is campaign, list, subscriber, template, and transactional email management. In agent settings, this mismatch is dangerous because it enables an unexpected high-impact action path—creating new Pakat customers with personal and company details—without clear user expectation or least-privilege scoping.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger description is broad enough to activate on generic email-related requests, which can cause the skill to be selected when a user did not specifically intend to use Pakat. In this skill, unintended invocation is more dangerous because the available actions include subscriber management and outbound email sending against a live third-party API.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill provides direct instructions for creating campaigns and sending transactional emails without requiring confirmation or highlighting that these are real outbound, user-impacting actions. In context, this is risky because a mistaken or overly eager agent could send mass or transactional email to real recipients, causing spam, reputation damage, or compliance issues.

VirusTotal

64/64 vendors flagged this skill as clean.
