Apple Mail Channel Setup

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for configuring an Apple Mail plugin, with sensitive email automation clearly tied to its stated purpose but deserving careful setup.

Install only if you intend to give the related plugin access to Apple Mail. Avoid `allowFrom: ["*"]` unless the account is dedicated and low risk, keep `archiveOnReply` off until tested, and use a narrow sender allowlist for accounts that contain private, business, or customer email.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 86%
Finding
The README promotes capabilities like email monitoring, automatic replies, and archiving, but it does not clearly warn users that these actions can access, process, and modify potentially sensitive mailbox data. In a skill whose purpose is to help users install and operate an email-integrated plugin, omitting explicit privacy and data-affecting warnings increases the risk of unintended deployment with overbroad access or unsafe defaults.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation describes monitoring mailboxes and allowing AI agents to read and respond to emails, but it does not prominently warn users that enabling this plugin grants automated access to live inbox content and outbound messaging capability. This can lead users to deploy it without understanding the privacy, reputational, and operational risks of autonomous email handling.

Missing User Warnings

Medium
Confidence: 95%
Finding
The examples and option descriptions normalize use of `allowFrom: ["*"]` without a strong warning that this permits processing emails from any sender. In the context of an AI-driven mail channel, broad sender trust materially increases exposure to prompt injection, spam-triggered actions, sensitive data disclosure, and unauthorized automated replies.

Missing User Warnings

Low
Confidence: 83%
Finding
The `archiveOnReply` feature is documented as a convenience option, but the text does not clearly warn that it changes mailbox state automatically and may move threads out of normal visibility after replies are sent. Users may unknowingly enable it and lose track of active conversations, impair audits, or complicate incident response and message recovery.

Missing User Warnings

Medium
Confidence: 93%
Finding
The examples normalize insecure defaults by using `allowFrom: ["*"]` for multiple mail accounts and combining that with automated mail handling like `archiveOnReply`. In an email-ingestion skill, this can cause the agent to accept commands or content from any sender and silently alter message state, increasing the risk of unauthorized interaction, privacy exposure, and operational mistakes.

VirusTotal

62/62 vendors flagged this skill as clean.
