Back to skill

Security audit

Full Mail

Security checks across malware telemetry and agentic risk

Overview

This email skill is mostly coherent, but it can permanently delete mailbox messages and write email attachments to disk without enough safety controls or warning.

Review before installing. Use only with an account where you are comfortable granting SMTP/IMAP access, prefer an app-specific password, protect the OpenClaw config file, avoid the delete command unless you understand your provider's recovery behavior, and be cautious downloading attachments from untrusted senders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documents use of environment variables for email credentials and clearly enables SMTP/IMAP network operations, but it does not declare corresponding permissions. Undeclared access reduces transparency and can cause users or the platform to underestimate the skill's ability to transmit data externally and handle sensitive mailbox credentials.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The documentation includes a delete-mail command without any warning, confirmation guidance, or explanation of permanence. In an email-management skill, destructive actions can lead to accidental loss of important messages if invoked by a user or agent without sufficient caution.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The attachment download feature writes attacker-controlled filenames and content from emails onto the local filesystem without a clear warning or safety checks. In an agent/skill context, this creates real side effects and may expose users to overwrite, clutter, or malicious file placement risks, especially because email attachments are untrusted input.

Missing User Warnings

High
Confidence
95% confidence
Finding
The delete command immediately marks a selected email as deleted and expunges it, with no confirmation prompt or dry-run behavior. In a skill exposed to user or agent commands, this can cause irreversible loss of data from a simple mistake, misunderstanding, or malicious prompting.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide exposes a destructive `delete` operation but does not warn that deleting mail may be irreversible or depend on server-side trash/retention settings. In an agent skill context, users may run commands quickly or automate them, increasing the chance of accidental mailbox data loss.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The guide instructs users to store email credentials and enable full mailbox access without a prominent warning that mailbox contents and attachments may contain highly sensitive personal or corporate data. In this skill context, access to live IMAP/SMTP credentials materially expands exposure if the local config, logs, or the skill itself are mishandled.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.