Email Security

Security checks across malware telemetry and agentic risk

Overview

This is a coherent defensive email-safety skill, but its default policy can let owner/admin emails trigger broad agent actions without enough confirmation controls.

Install only if you intentionally want an agent to enforce email-security checks and possibly process email-based commands. Before use, configure owner/admin/trusted lists yourself, require confirmation for all command execution and destructive actions, do not rely on SPF/DKIM alone for privileged commands, and treat all saved attachments as untrusted files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to read from and write to local files such as `references/owner-config.md`, but it does not declare those capabilities explicitly. Undeclared file access weakens the security boundary because a host system may activate the skill without realizing it can persist or modify trust configuration, which is especially sensitive in an email-security skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description says to use the skill for essentially any interaction with email data, which creates overly broad activation conditions. Over-broad triggering increases attack surface: an agent may invoke this skill in many unrelated email contexts, causing unintended file writes, trust-list changes, or security decisions to occur automatically on attacker-controlled email content.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
### From Owner
- Execute immediately
- Log action for audit trail
- No confirmation required (unless explicitly configured)

### From Admin
- Execute immediately
Confidence
81% confidence
Finding
No confirmation

VirusTotal

65/65 vendors flagged this skill as clean.
