ClawHub

Email Reader

Security checks across malware telemetry and agentic risk

Overview

This skill appears legitimate, but it gives an agent sensitive email access and outbound mailbox authority without clear confirmation, scoping, or reminder controls.

Install only if you are comfortable letting an agent use a configured email account. Use OAuth or app-specific passwords where possible, verify the himalaya package source, avoid putting real passwords directly in shell history, and require explicit approval before sending, deleting, marking, or setting up recurring email checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are very broad (e.g., '查看邮件', '发送邮件') and do not require strong scoping, confirmation, or account/context checks before activating a privacy-sensitive capability. For a skill that can read and send email, this raises the risk of unintended invocation, accidental data exposure, or actions being taken from vague user phrasing.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The '定时提醒用户查看邮件' trigger implies autonomous or scheduled behavior without documenting a clear user-initiated setup, approval flow, or limits. In a mail-access skill, ambiguous background activation can lead to privacy-invasive behavior and unexpected processing of sensitive communications.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill description advertises reading, summarizing, and sending email but does not prominently warn users that it handles highly sensitive personal and business communications. This can undermine informed consent and increase the chance that users enable powerful mailbox access without understanding the privacy and transmission risks.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal