ClawHub

Gmail Enhanced

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Gmail automation skill, but it needs review because it can automatically modify and send email with weak safeguards.

Install only if you are comfortable granting broad Gmail access to this skill. Use a dedicated or low-risk account if possible, protect the OAuth token files, avoid broad automation queries, manually review auto-replies and bulk mailbox changes, and treat downloaded attachments as untrusted until filename handling and download containment are improved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises automation features such as sending email, deleting or archiving messages, modifying labels, downloading attachments, and processing rules, but does not warn that these actions can change mailbox state or trigger outbound communication automatically. In an email-integrated skill, lack of such warning increases the chance of unsafe deployment, accidental mail sends, or unintended mailbox modification.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs users to store OAuth credentials and persistent tokens in environment variables or default filesystem paths without any warning about sensitivity, access control, or rotation. Because these artifacts grant mailbox access, poor handling can expose email contents, permit account actions, and enable long-lived unauthorized access if the files are copied or logged.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The attachment search workflow automatically downloads email attachments to disk without an explicit confirmation or safety gate. In an agent setting, this can write untrusted content to the local filesystem, potentially causing storage abuse, overwriting collisions, or placing malicious files where later tooling or users may interact with them.

Missing User Warnings

Low
Confidence
71% confidence
Finding
Rule creation persists automation settings to a hidden file in the user's home directory without any user-facing disclosure. While not immediately dangerous by itself, silent persistence can create unexpected long-lived behavior and expands the chance of later unintended mailbox actions if the file is modified or forgotten.

Missing User Warnings

High
Confidence
96% confidence
Finding
The rule processor can automatically label messages, mark them read, archive them, and send outbound replies based solely on stored queries, with no per-action confirmation, sender validation, or loop prevention. In an autonomous agent context this is high risk because broad or attacker-influenced email content can trigger mailbox tampering, concealment of important messages, and unintended external communications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal