ClawHub

Aliyun Mail

Security checks across malware telemetry and agentic risk

Overview

This skill is an email-sending tool whose network use, file reads, attachments, and SMTP credential use are expected for its stated purpose.

Before installing, understand that email bodies, recipient addresses, and attachments will leave your machine and be sent through Aliyun’s SMTP infrastructure to the chosen recipient. Use a dedicated SMTP account or app password if possible, keep the config file private, and double-check attachments before sending sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill enables sending message bodies and attachments to an external SMTP service, but the description does not prominently warn users that local content will leave the environment and be transmitted to a third-party mail provider. In an agent setting, this omission can lead to accidental exfiltration of sensitive text or files because users may not realize the external transmission boundary.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code transmits recipient addresses, message contents, and optional attachments over SMTP without any user-facing disclosure or confirmation at the point of use. In an agent/skill context, this is security-relevant because the action can exfiltrate sensitive data off-host, and the lack of explicit notice makes unintended data sharing easier.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill loads SMTP credentials from a local configuration file without warning the user that stored secrets will be accessed and used for network authentication. In an agent environment, silent credential use increases the risk of unauthorized outbound actions, credential misuse, and reduced user awareness around secret handling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal