ClawHub

mail-addr-creator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do its stated job, but it gives an agent admin mailbox-creation power and can print or save mailbox tokens without enough safeguards.

Install only if you trust this publisher and intend your agent to create mailboxes in this specific mail system. Use least-privilege admin credentials, verify the API URL and target domain before each run, confirm batch requests, and treat all returned JWTs/passwords and JSON/CSV output files as secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs use of environment variables, reading local files, writing CSV output, and making network requests to an admin API, yet it declares no permissions or safety boundaries. This creates a transparency and governance gap: operators may invoke a skill with broader capabilities than expected, including use of privileged credentials and local file modification.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill supports `--output-file <path>` with user-specified paths but provides no restriction, warning, or sandboxing guidance. In an agent context, this can lead to unintended overwrite of local files, path traversal into sensitive locations, or creation of artifacts in security-relevant directories.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs use of privileged admin authentication headers and shows that the API returns a JWT, but it provides no warning that these credentials and returned tokens are sensitive secrets that must not be exposed, logged, or shared. In the context of a skill whose purpose is to create mailboxes through an admin endpoint, this omission is dangerous because it normalizes handling highly privileged credentials and session-bearing tokens without safeguards, increasing the risk of credential leakage and unauthorized mailbox creation or access.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The export documentation explicitly supports writing output to disk while the documented output fields include jwt and mailbox information, yet it gives no warning that this can persist sensitive tokens and account data in plaintext files. In this skill context, that is especially risky because the generated mailboxes and returned JWTs may enable direct access to temporary mail accounts, so accidental export can create durable local artifacts that are easier to exfiltrate than in-memory results.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples explicitly show setting an admin authentication secret in an environment variable and returning sensitive mailbox creation artifacts such as JWTs in success output. While these are illustrative placeholders, documenting secret handling and token disclosure without warnings or redaction guidance can normalize unsafe operational practices and increase the chance that real credentials or live tokens are exposed in logs, screenshots, shell history, or copied transcripts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script intentionally includes newly issued mailbox credentials (`jwt` and `password`) in its rendered output and writes them both to stdout and to an arbitrary output file path. In agent or automation contexts, stdout is commonly captured by logs, orchestration layers, chat transcripts, or telemetry, which can expose live credentials to unintended parties and expand the secret's lifetime far beyond the immediate operation.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: cloudflare-mail-address-creator
description: create one or many ordinary mailbox addresses in a cloudflare temporary mail system through the /admin/new_address admin api and return structured results. use when openclaw is asked to create mailbox addresses through the backend instead of the web ui, including requests such as create t2@suilong.online, create 10 mailboxes, add a mailbox in my cloudflare temp mail system, or use the cloudflare mail admin api to create addresses.
---

# Cloudflare Mail Address Creator
Confidence
72% confidence
Finding
create one or many ordinary mailbox addresses in a cloudflare temporary mail system through the /admin/new_address admin api and return structured results. use when openclaw is asked to create mailbox

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal