ClawHub

Mailinator - Free, Disposable, Email

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Mailinator email-access integration, but it under-warns users about sensitive public-inbox and account-recovery email handling.

Review before installing. Use this only for inboxes, domains, and test accounts you are authorized to inspect; treat links, reset emails, confirmation codes, SMTP logs, cached messages, and the Mailinator API token as sensitive. Verify the external npm package separately before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly promotes access to public Mailinator inboxes and email retrieval, but does not warn that these inboxes may contain sensitive third-party messages, tokens, or account-recovery content not intended for the user invoking the tool. In an AI-assisted workflow, that omission increases the risk of unauthorized collection, summarization, or redistribution of private data from publicly accessible but still sensitive mailboxes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The example prompts normalize actions such as finding password-reset emails and pulling confirmation codes without any authorization or safety caveat. In the context of an AI tool, these examples can directly steer users or agents toward account-recovery abuse, credential interception, or harvesting of sensitive verification artifacts from public or weakly controlled inboxes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal