Email163 Sender

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real 163 email-sending skill, but it sends credentials and mail over TLS with certificate verification disabled and stores sensitive sent-mail metadata locally.

Install only if you are comfortable giving this skill a 163 authorization code and letting it send from your mailbox. Review recipients, subject, body, CC/BCC, and attachments before every send, avoid passing the auth code on the command line, protect or clear the .email_history file, and prefer a version that keeps normal TLS certificate verification enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 83%
Finding
The description says the skill should be used whenever the user needs to send email, which is overly broad for a capability that can transmit data outside the system. Broad trigger wording may cause an agent to invoke the skill for ordinary conversations without sufficient confirmation, review of recipients, or sensitivity checks. In context, this is more dangerous because the skill supports arbitrary recipients, CC/BCC, HTML, and attachments.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation explains how to send emails, including attachments, CC, and BCC, but does not warn that this exports user data and local file contents to external recipients. Without a clear disclosure, users or calling agents may treat the action as routine formatting rather than exfiltration of potentially sensitive information. The context makes this more dangerous because attachments and BCC can conceal what data leaves the system and to whom.

Missing User Warnings

Medium
Confidence: 99%
Finding
The SMTP connection explicitly disables certificate verification by setting check_hostname to False and verify_mode to ssl.CERT_NONE. This allows a man-in-the-middle attacker to intercept credentials, message contents, and attachments, which is a real transport-security vulnerability in a tool that handles sensitive email data.

VirusTotal

66/66 vendors flagged this skill as clean.
