ClawHub

Kit Email Marketing Operator

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it asks for powerful Kit email credentials and has under-disclosed or overstated handling of stored credentials and past email samples.

Install only if you are comfortable giving this skill access to your Kit account. Before approving any send, verify the exact email, links, audience, timing, and whether it is draft, scheduled, or immediate. Treat API keys and voice-training samples as sensitive: redact customer data from past emails, review stored local files, and rotate Kit credentials if the workspace may be shared or compromised.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Low
Confidence
84% confidence
Finding
The help trigger phrase is broad enough that normal conversation could accidentally invoke the skill, especially in an agent environment that routes on natural-language commands. While not directly exploitable on its own, unintended activation can cause the agent to enter a higher-privilege workflow or expose operational capabilities unexpectedly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The voice-training instructions encourage users to paste full prior emails without warning that those emails may contain customer PII, confidential business information, or regulated content. In an agent skill, this can lead to unnecessary collection, local storage, and possible downstream processing of sensitive data beyond the user's expectations.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The README uses a very broad natural-language trigger ("I want to send an email to my list") for a skill that can generate, schedule, and send real outbound campaigns. Broad invocation increases the chance the agent activates this capability unintentionally during ordinary conversation, which is risky because the skill has high-impact actions against a live subscriber list.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises creating and scheduling broadcasts, targeting segments, and managing sends through the API, but does not prominently warn about the real-world impact of contacting subscribers or the need for explicit approval before transmission. In this context, the capability is more dangerous because it reaches external recipients at scale, so accidental or premature use can cause spam complaints, reputational damage, or unintended bulk messaging.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The setup guide tells users to invoke the skill with very broad natural-language phrases like wanting help with email marketing. In agent ecosystems that auto-select skills from user utterances, generic triggers can cause the skill to activate unintentionally in contexts where the user did not specifically mean to use this capability, increasing the chance of inappropriate credential handling, data access, or email-sending workflows being entered.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The post-setup guidance encourages users to 'ask OpenClaw naturally' with broad requests that could match many unrelated assistant interactions. In systems with natural-language routing, this ambiguity can over-expand the skill's activation surface and lead to accidental execution of sensitive operations like campaign drafting, segmentation, or message sending under the wrong context.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to request and persist Kit API credentials, but it does not require a clear user-facing warning about the sensitivity of those secrets, their storage location, retention, or the risks of sharing them in chat. In an agent skill context, this increases the chance users disclose high-value API keys without informed consent, and a compromised or overly permissive environment could expose those credentials for unauthorized email operations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The voice-training flow derives and stores a persistent profile from past emails without a clear privacy notice, data minimization policy, or user consent around retention and downstream reuse. Because historical emails can contain personal, confidential, or commercially sensitive information, silently transforming them into long-lived profile data creates privacy and data-governance risk beyond the immediate task.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal