ClawHub

msmtp-send

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: send plain-text email through the user's existing local msmtp setup, but users should treat it as able to send mail from that account.

Install only if you want the agent to be able to send plain-text email from the account configured in ~/.msmtprc. Review recipient, subject, and body before invoking it, avoid sending secrets or regulated data, and keep ~/.msmtprc private with restrictive permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The skill says the agent will 'automatically dispatch' to the exec tool but does not clearly define the trigger conditions or required user confirmation. In a send-email skill, ambiguous automation can cause unintended outbound email transmission, which is a real security and privacy risk because it may exfiltrate sensitive content or contact data without sufficiently explicit consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description does not clearly warn that email bodies and recipient addresses leave the local environment and are transmitted to an external mail service. That omission can mislead users about the privacy implications of using the skill, increasing the chance that sensitive data is sent externally without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends email immediately via the local msmtp configuration with no built-in user confirmation, preview, logging notice, or disclosure that data will leave the host. In an agent-skill context, this increases the risk of silent exfiltration or unintended outbound messaging if the tool is invoked with sensitive content or attacker-influenced parameters.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal