ClawAIMail MCP Server

Security checks across malware telemetry and agentic risk

Overview

This email skill appears purpose-built, but it gives an agent real email sending, mailbox reading, and inbox deletion powers without strong built-in safeguards.

Install only if you intentionally want an agent to manage a ClawAIMail account. Use a dedicated low-privilege API key if available, require human approval for send_email and delete_inbox, avoid connecting sensitive or compliance-critical mailboxes, verify the npm package source/version, and do not set CLAWAIMAIL_BASE_URL to a server you do not trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill uses environment secrets and networked actions but does not declare permissions or warn users about those capabilities. In an agent context, hidden access to API keys and outbound email/network operations reduces transparency and can enable unintended external actions or misuse of credentials.

Missing User Warnings

Medium
Confidence: 93%
Finding: The skill advertises the ability to send real emails and delete inboxes/messages without prominent safety warnings, confirmation guidance, or abuse considerations. In an AI-agent setting, this increases the risk of accidental spam, disclosure of sensitive content, destructive mailbox actions, or agents performing irreversible actions without informed user approval.

Missing User Warnings

High
Confidence: 91%
Finding: The delete_inbox tool performs irreversible deletion of an inbox and all messages with a single call and no confirmation barrier, dry-run mode, ownership check, or warning in the tool contract beyond its name. In an agent setting, this increases the risk of accidental or prompt-induced destructive actions that can cause permanent data loss across potentially sensitive email content.

VirusTotal

66/66 vendors flagged this skill as clean.
