ClawHub

Email Deliverability

Security checks across malware telemetry and agentic risk

Overview

This is a text-only email deliverability audit guide, with expected privacy-sensitive handling of subscriber and domain data but no hidden code or automatic actions.

Before installing or using this skill, make sure any ESP access is read-only where possible, export only fields needed for the audit, use approved list-verification and DMARC vendors, and avoid enabling DMARC forensic reporting unless privacy or legal review approves it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| **Authentication (SPF/DKIM/DMARC)** | All three configured with DMARC at p=reject and aligned | SPF + DKIM in place, DMARC at p=none or p=quarantine | Missing one or more protocol, no DMARC, or misaligned records |
| **Bounce Rate** | <1% hard bounces per campaign | 1-2% hard bounces, soft bounces under 5% | >2% hard bounces or >5% soft bounces per campaign |
| **Spam Complaint Rate** | <0.05% (below 1 per 2,000 emails) | 0.05-0.08% with downward trend | >0.08% or rising trend (Google threshold is 0.10%) |
| **List Hygiene** | Verified within 90 days, engaged segments defined, sunset policy active | Verified within 6 months, basic segmentation in place | No verification in 6+ months, no segmentation, no sunset policy |
| **Sending Infrastructure** | Dedicated IP with warm-up complete, consistent volume, subdomain isolation | Shared IP with reputable ESP, moderate volume consistency | Unknown IP reputation, erratic volume, no subdomain separation |
| **Content Quality** | Personalized, mobile-optimized, <0.1% spam trigger density, clear unsubscribe | Template-based with some personalization, visible unsubscribe | Heavy image-to-text ratio, spam trigger words, hidden unsubscribe |
| **Engagement Metrics** | >20% open rate, >2.5% CTR, <0.3% unsubscribe rate | 15-20% open rate, 1.5-2.5% CTR, 0.3-0.5% unsubscribe | <15% open rate, <1.5% CTR, >0.5% unsubscribe rate |
Confidence
75% confidence
Finding
No verification

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
| Apple Mail | __% | __% | __% | __% |
| Other | __% | __% | __% | __% |

**Google Postmaster Tools:**
- Domain Reputation: [High / Medium / Low / Bad]
- IP Reputation: [High / Medium / Low / Bad]
- Spam Rate: __%
Confidence
85% confidence
Finding
Tools:*

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal