ClawHub

Email Extractor

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it includes an unrelated apparent API key/payment signal and unscoped URL fetching that deserve review before installation.

Review before installing. Use it only on pages or text you are authorized to process, avoid private/internal URLs, and do not rely on its payment_status output. The publisher should remove or rotate the exposed key and clarify payment handling before this is treated as a clean email-extraction utility.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The handler is presented as an email extractor, but it always returns a "payment_status": "paid" field unrelated to the advertised functionality. Injecting fabricated authorization or billing state into output can mislead downstream agents or workflows into granting access, skipping payment checks, or trusting the result as proof of entitlement.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase examples are broad enough to overlap with ordinary browsing or summarization requests, which can cause the skill to activate unexpectedly. Because this skill performs privacy-sensitive extraction of email addresses, unintended invocation could collect contact data from webpages or user-provided text without clear user intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill is designed to extract email addresses from arbitrary webpages or text, but it provides no privacy warning or usage constraints. This increases the risk of scraping personal contact information, processing sensitive user-supplied data, or enabling collection of emails from third-party content without informed consent or clear boundaries.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill automatically fetches any URL found in user input without disclosure, validation, or restriction. This enables server-side requests to arbitrary destinations, which can be abused for SSRF-style access to internal services, metadata endpoints, or other network resources reachable from the runtime environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal