ClawHub

myskil

Security checks across malware telemetry and agentic risk

Overview

This skill openly describes an email monitor, but it needs Review because it can keep using a logged-in mailbox and save email contents and attachments to disk with broad, automatic behavior.

Install only if you intentionally want a persistent local monitor for a specific mailbox. Before running it, obtain and review the missing scripts, use a dedicated mailbox or browser profile if possible, confirm exactly where screenshots, workbook data, logs, and attachments will be stored, and verify how to stop the monitor and delete retained email artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly directs the system to download email attachments to the desktop, save screenshots of full message contents, and write structured message data to local files, but it does not present this as a clear user-facing warning or consent boundary. This is dangerous because emails and attachments often contain sensitive personal, financial, legal, or corporate data, and silently persisting them to broadly accessible local locations increases the risk of privacy breaches, accidental disclosure, and unsafe handling of malicious attachments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that bootstrap may automatically install Python and Microsoft Edge via winget, but this behavior is not surfaced as a prominent warning or explicit consent step. Silent or poorly disclosed software installation materially changes the host environment and can violate enterprise change-control, least-privilege, or user-expectation boundaries, especially when triggered from a convenience bootstrap path.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal