Outlook

Security checks across malware telemetry and agentic risk

Overview

This Outlook skill openly uses a Maton API key to access and manage a connected mailbox, with no hidden persistence or unrelated behavior found.

Install only if you intend to let the agent access a connected Outlook mailbox through Maton. Keep MATON_API_KEY private, use the smallest necessary read scope, review message bodies before sharing or summarizing sensitive content, and require explicit confirmation before sending, deleting, moving, or marking messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill uses sensitive capabilities (environment access for MATON_API_KEY and outbound network access to Maton control and gateway endpoints) but does not declare permissions. This creates a transparency and governance gap: callers or enforcement layers may not realize the skill can access credentials and external services, increasing the risk of over-privileged use, unintended data exposure, or policy bypass.

Missing User Warnings

Medium
Confidence: 86%
Finding
The examples encourage reading mailbox contents, including full message bodies, without any privacy warning, data-minimization guidance beyond optional narrow selects, or user-consent guardrails. In an email integration context, this can lead agents or developers to retrieve sensitive personal, financial, or corporate data more broadly than necessary, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document provides state-changing operations such as mark read/unread, move, and delete, but does not consistently attach strong warnings or confirmation requirements to each destructive or user-visible action. In a mail skill, these operations can alter records, hide evidence, disrupt workflows, or cause irreversible loss if an agent executes them without clear user authorization.

VirusTotal

65/65 vendors flagged this skill as clean.
