phishguard

Security checks across malware telemetry and agentic risk

Overview

PhishGuard is a coherent phishing-monitoring skill, but it needs review because it continuously reads business email, sends email content to third-party services, and changes mailbox labels with limited controls documented.

Install only after an administrator approves third-party AI processing of mailbox content, Slack/Teams alert destinations, and automatic Gmail labeling. Test on a dedicated mailbox first, avoid the curl-to-bash installer path, verify the Gmail connector, restrict webhook channels, and require redaction, dry-run or approval, and rollback procedures before using it on production business email.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares use of environment variables, external webhooks, and an external AI API, but the manifest does not clearly declare permissions or capability boundaries. That makes it harder for operators to understand and constrain what the skill can access, increasing the risk of over-privileged deployment and unnoticed data egress.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs users to grant Gmail read and label-management permissions and verifies access by listing recent unread emails, but it does not clearly warn that mailbox contents will be accessed and modified. In a phishing-monitoring skill, this creates real privacy and operational risk because administrators may enable broad access without understanding data exposure or automatic mailbox changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation shows how to configure Slack and Teams webhooks for alerts but does not warn that alert payloads may contain email-derived metadata or content sent to third-party services. For a phishing-analysis tool processing potentially sensitive emails, that omission can lead to unintended external disclosure of mailbox data.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill states that emails are sent to Claude API for semantic analysis, but it does not present a clear privacy warning, consent model, or data-handling limitations for potentially sensitive mailbox content. In a phishing-monitoring context, full email bodies, headers, and URLs can contain confidential business or personal data, so undisclosed third-party transmission is a significant privacy and compliance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill performs automatic mailbox modifications such as labeling and quarantining messages, but the documentation does not prominently warn about these side effects or their operational consequences. Automatic message handling can disrupt business workflows, hide legitimate mail, or create integrity and audit issues if users and admins are not clearly informed.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends full email data to an external AI analyzer, which may include sensitive message bodies, headers, links, and personal or corporate data. In a mailbox-monitoring context this creates a real confidentiality and compliance risk, especially because analysis is automatic and continuous and there is no visible consent, minimization, or redaction in this file.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill is configured to use API keys and outbound Slack/Teams webhooks for automatic notifications, which can cause sensitive email-derived findings to leave the monitored environment. In this context, undisclosed external notification channels increase data leakage risk because suspicious-message metadata may be sent to third-party systems without clear operator awareness or scoping controls.

External Transmission

Medium
Category
Data Exfiltration
Content
const prompt = this.buildPrompt(email);

try {
  const response = await fetch("https://api.anthropic.com/v1/messages", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
Confidence
90% confidence
Finding
fetch("https://api.anthropic.com/v1/messages", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
const prompt = this.buildPrompt(email);

try {
  const response = await fetch("https://api.anthropic.com/v1/messages", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
Confidence
90% confidence
Finding
https://api.anthropic.com/

VirusTotal

64/64 vendors flagged this skill as clean.