AgentMail sending and receiving with Python scripts

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AgentMail email helper, but it handles API keys and stores downloaded email contents locally.

Install only if you are comfortable giving these scripts access to the specified AgentMail inbox. Prefer a dedicated or revocable API key, keep .env out of shared folders and source control, verify placeholders before sending, remember that checking mail marks unread messages as read, and delete MAIL.* files when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill instructs users to create files, write a .env containing an API key, and store downloaded mail in the workspace, but it does not declare corresponding permissions or clearly scope these capabilities. Undeclared environment and file-write behavior weakens reviewability and can lead to over-trust, especially because the skill handles sensitive email content and credentials.

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill states that all unread messages are downloaded as JSON files into a local workspace and marked as read, but it does not warn that this persists potentially sensitive email contents, metadata, and attachments on disk or that marking as read changes server-side state. This can cause privacy leakage, accidental exposure to other local processes/users, and loss of inbox integrity for workflows that depend on unread status.

Missing User Warnings

Medium
Confidence: 96%
Finding: The script persists full unread email contents, including body text/HTML, headers, and attachment metadata, into local files in the script directory with no access controls, minimization, encryption, or warning. In an agent context, email often contains credentials, recovery links, PII, or other sensitive workflow data, so creating a local mailbox archive materially increases exposure if the host, workspace, logs, backups, or downstream tools are compromised.

VirusTotal

65/65 vendors flagged this skill as clean.
