ClawHub

Lumbox

Security checks across malware telemetry and agentic risk

Overview

The skill does what it describes, but it gives agents broad email, signup, OTP, browser, credential-vault, and TOTP authority with persistent keys and limited guardrails.

Review before installing. Use this only for accounts and correspondence you explicitly authorize, prefer scoped inbox keys where possible, keep the local API key protected, and avoid using it for sensitive personal or production accounts unless you trust Lumbox with email contents, OTPs, magic links, and stored credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is framed for generic signup, verification, and correspondence workflows without clear restrictions, which can cause an agent to invoke it for many routine tasks involving external accounts and sensitive email flows. In context, this is more dangerous because the skill also provisions inboxes automatically and handles OTPs, enabling high-impact account actions without explicit user confirmation or scope limits.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup flow instructs the agent to self-sign up for an org and persist the resulting API key in ~/.lumbox/config.json, but does not warn that this creates a long-lived credential on disk. This is dangerous because local credential persistence can expose the key to other local users, processes, backups, or later agent actions, and the same key appears to grant broad access across inboxes and related services.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description emphasizes OTP handling, verification emails, and correspondence but does not disclose that these sensitive contents are sent to and processed by an external Lumbox service. In this context, the omission is significant because users may assume a local capability, while the skill actually intermediates sensitive account-recovery and authentication data through a third-party provider.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises browser automation, an encrypted credential vault, and TOTP generation under one bearer key, but provides no warning about the account-impact and secret-management risks of consolidating those capabilities. This increases danger because compromise or misuse of a single key could enable credential access, interactive account changes, and second-factor handling across multiple services.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The API reference documents endpoints that return OTP codes, email contents, IMAP credentials, and scoped API keys in plaintext, but it does not pair this with explicit guidance on secure handling, storage, redaction, and least-privilege use. In an agent-oriented skill, this is more dangerous because agents commonly log tool outputs, pass data between components, or expose results in transcripts, which can unintentionally leak credential-like artifacts.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal