nmail

Security checks across malware telemetry and agentic risk

Overview

This email skill appears to do what it advertises, but it stores and accepts mailbox passwords in risky ways that users should review before installing.

Review before installing. Use a dedicated app password with limited scope where possible, avoid entering it directly on the command line, protect or remove ~/.nmail/config.yaml when not needed, and do not let an agent monitor or send mail unless you are comfortable with it accessing that mailbox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to pass an email app password directly on the command line via `--password <app-password>`. Command-line arguments are commonly exposed through shell history, process listings, audit logs, CI logs, and agent telemetry, which can leak credentials to other local users or supporting systems. In an agent-oriented tool, this risk is heightened because automation frameworks often record full commands for debugging and replay.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly enables reading, sending, monitoring, and summarizing email, which involves highly sensitive personal and business data, but it does not present a clear privacy warning, consent expectation, or guidance on limiting access. In an agent context, these capabilities can easily lead to over-collection, unintended disclosure, or silent processing of mailbox contents if the user is not clearly warned about the sensitivity.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions direct users to store an app password in local configuration and only note later that it is saved in ~/.nmail/config.yaml, without warning about file permissions, local compromise risk, or safer credential storage options. Credential material for email accounts is highly sensitive, and exposing or mishandling it can enable full mailbox access, account abuse, and persistent unauthorized monitoring or sending.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The command accepts an email password from a CLI flag and persists the resulting account configuration via config.Save without any visible warning that secrets will be stored in the local config file. This can expose credentials through insecure file storage, backups, or local compromise, and CLI flag usage may also leak the password via shell history or process inspection.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The configuration save path serializes the entire Config object, including Account.Password, and writes it to ~/.nmail/config.yaml on disk. Although the file is created with 0600 permissions, storing mail credentials in plaintext increases exposure to local compromise, backups, accidental disclosure, and malware or other processes running as the same user.

Missing User Warnings

High
Confidence
98% confidence
Finding
When account.IMAPTLS is false, the code uses DialInsecure and then immediately performs IMAP LOGIN with the email address and password. This can expose credentials and mailbox contents to passive network observers or active man-in-the-middle attackers, especially on untrusted networks, and there is no visible safeguard, warning, or enforced upgrade to a protected channel.

VirusTotal

66/66 vendors flagged this skill as clean.
