ClawHub

Cold Email Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cold-email drafting tool that scrapes business websites and uses local Ollama, with no evidence of hidden sending, credential theft, or destructive behavior.

Use this only for websites and lead lists you are authorized to process. Confirm the referenced Scrapling scraper and Ollama setup are trusted, review the lead list before batch mode, and inspect every generated email before sending, especially for inaccurate claims or content influenced by a target website.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly describes scraping third-party business websites and sending extracted context to Ollama, but provides no privacy, consent, or data-handling warning. Even if the targets are businesses, scraped content may include personal names, phone numbers, emails, or other contact details that are then transmitted to another processing component, creating compliance, confidentiality, and misuse risks.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The code sends scraped third-party website content to an external model process without any explicit notice, consent flow, or policy guardrail. Even if Ollama is often local, this code assumes a deployment characteristic that may not hold in all environments and could expose scraped data or business context to external model infrastructure or logs.

Ssd 3

Medium
Confidence
94% confidence
Finding
Scraped website text is embedded directly into the prompt as trusted context, so any instructions placed on the target site can steer the model's output. In this skill, that could cause generated outreach emails to include manipulated claims, leak internal business details present elsewhere in the prompt, or ignore the intended communication constraints.

Ssd 1

Medium
Confidence
96% confidence
Finding
The prompt construction mixes behavioral instructions with untrusted natural-language website prose in a single instruction channel, creating a classic semantic prompt-injection sink. A malicious or compromised business website could include text such as override instructions or socially engineered content that influences the model to produce unsafe, off-brand, or privacy-violating outputs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal