ClawHub

email-send-hanson

Security checks across malware telemetry and agentic risk

Overview

This email skill appears to perform its stated email tasks, but it needs review because it can read private mail, send outbound messages, load mailbox credentials, and attach arbitrary local files.

Install only if you are comfortable giving this skill access to a mailbox. Prefer an app-specific or limited email password, keep unrelated secrets out of nearby .env files, and review every recipient, message body, and attachment path before allowing it to send.

Publisher note

init skill

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions even though it clearly requires network access, environment-secret access, and local file reads for attachments and optional .env loading. This weakens user visibility and policy enforcement, making it easier for a user or platform to invoke a privacy-sensitive email capability without understanding the full trust boundary.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The description says credentials are environment-based, but the skill also accepts local .env files and local attachment paths. That mismatch is dangerous because it hides additional credential-ingestion and filesystem-access behavior, which can lead to unintended secret exposure, reading sensitive local files, or sending them externally as email attachments.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises inbox reading, summarization, and email sending without prominently warning that it accesses mailbox contents and uses sensitive credentials. In an agent setting, this increases the chance of overbroad use on private communications, accidental processing of sensitive data, or unsafe delegation of a high-privilege mailbox operation.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal