163 Email Skill - SMTP Sender

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends user-supplied email through 163 SMTP using configured credentials. There are some security warnings that users should add or keep in mind.

Install only if you want an agent to send real email from the configured 163 account. Use a dedicated or least-privilege sender account, keep CLAW_EMAIL_AUTH out of code, logs, and shell history where possible, rotate it if exposed, and review recipients and message content before sending sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 82%
Finding
The README instructs users to store SMTP credentials in environment variables and send arbitrary email content, but it provides no warning about protecting those credentials, avoiding shell history/process exposure, or the fact that message content will be transmitted to an external SMTP provider. In an agent/automation context, this omission can lead to unsafe deployment practices, accidental credential leakage, and unintended outbound data transmission.

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill sends user-provided recipient addresses, subjects, and message bodies to an external SMTP service, but the documentation does not clearly warn users that this data leaves the local environment. In an agent setting, missing disclosure can cause unintended exfiltration of sensitive content or misdirected outbound communications.

Missing User Warnings

Medium
Confidence: 90%
Finding
The setup instructions tell users to place SMTP credentials in environment variables but do not warn about the sensitivity of the authorization code or safe handling practices. In shared shells, logs, screenshots, notebooks, or multi-tenant agent environments, such secrets can be exposed and then abused to send mail as the user.

Missing User Warnings

Medium
Confidence: 91%
Finding
The manifest explicitly exposes outbound email-sending functionality and declares environment variables for email credentials, but it does not provide any user-facing warning, consent language, or constraints around external transmission. In an agent context, this increases the risk of silent data exfiltration, unintended contact with external recipients, or misuse of stored SMTP credentials if the skill is invoked with sensitive content.

VirusTotal

67/67 vendors flagged this skill as clean.
