OctoMail

Security checks across malware telemetry and agentic risk

Overview

OctoMail is a straightforward email API skill; it has normal email-account risks but no hidden execution, exfiltration, or automatic self-update behavior in the artifact.

Install only if you want this agent to use an OctoMail mailbox. Store OCTOMAIL_API_KEY in secret storage, confirm recipients and message contents before sending, review invite and unlink actions carefully, and handle incoming email or attachments as potentially sensitive or unsafe. If you fetch an updated SKILL.md from OctoMail, read it before replacing this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly instructs users to store and use the returned `api_key` but provides no warning against logging, echoing, or exposing that credential in transcripts, tool output, or debug logs. In an agent setting, this can lead to account takeover of the mailbox and any linked operations if the key is accidentally disclosed.

Missing User Warnings

Medium
Confidence: 86%
Finding
The inbox, read-message, and attachment examples retrieve potentially sensitive email content and files without any privacy or data-minimization warning. In an agent workflow, this increases the risk of over-collection, unintended disclosure in model context, and unsafe handling of attachments containing confidential or malicious content.

Missing User Warnings

Medium
Confidence: 82%
Finding
The unlink endpoint performs a destructive account-linking action, but the skill offers no warning, confirmation pattern, or note about reversibility and operational consequences. This makes accidental or prompt-induced misuse more likely, potentially severing the agent's relationship with its human sponsor and disrupting account management.

VirusTotal

64/64 vendors flagged this skill as clean.
