Fastmail API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Fastmail automation skill with sensitive but purpose-aligned account access and no evidence of hidden or unrelated behavior.

Install only if you are comfortable giving an agent token-based access to your Fastmail account for requested workflows. Use the narrowest token scope available, review confirmations before sends, deletes, moves, identity changes, or bulk calendar edits, and periodically review or delete ~/fastmail-api/ logs and snapshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers (Medium, 88% confidence)

Finding: The activation scope is overly broad because it triggers on common phrases like Fastmail, JMAP, inbox automation, or mailbox cleanup without defining clear boundaries or requiring explicit user intent. In a mail and calendar automation skill, this can cause unintended activation in ordinary conversation and lead to sensitive or destructive workflows being initiated under ambiguous context.

Missing User Warnings (Medium, 93% confidence)

Finding: The skill instructs persistent storage of sensitive operational data including account IDs, mailbox IDs, identity IDs, confirmation policies, and request history, but it does not include an explicit user-facing disclosure, consent flow, retention limit, or minimization guidance. In the context of email, contacts, and calendar management, this creates privacy and security risk because retained metadata can expose account structure, habits, and high-impact actions if local files are accessed or reused unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.