ClawHub

Mailtarget Email

Security checks across malware telemetry and agentic risk

Overview

This is a coherent email-management skill, but it gives an agent broad live email, account, tracking, and optional DNS-changing authority without enough scoping or approval guidance.

Install only if you intend to let an agent operate a real Mailtarget account. Use narrowly scoped Mailtarget and Cloudflare credentials, require explicit approval before sending campaigns, enabling tracking, bypassing unsubscribe preferences, changing DNS, deleting resources, or managing API keys/sub-accounts, and review all recipients, content, attachments, and DNS records before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The documentation expands the skill from Mailtarget email operations into autonomous Cloudflare DNS administration, which materially broadens the capability and trust boundary of the skill. That creates a real security risk because users may grant powerful infrastructure credentials to an email-focused skill, enabling unintended or excessive control over domain records if the agent misbehaves or is prompted maliciously.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The file instructs users to supply a Cloudflare API token with DNS Write permission even though the advertised skill is for email delivery via Mailtarget. Requesting write-capable third-party infrastructure credentials is dangerous because compromise, misuse, or prompt-induced abuse could alter DNS records, disrupt services, reroute traffic, or weaken domain security beyond email setup alone.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description is broadly scoped to many common email and infrastructure tasks, which can cause over-invocation by an agent in situations where sending email, managing domains, templates, or API keys was not explicitly intended by the user. In an autonomous system, this increases the chance of unauthorized outbound messaging or configuration changes affecting email infrastructure.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill explicitly documents click/open tracking and states that transactional mode can bypass unsubscribe preferences, but it provides no guardrails around consent, lawful basis, or misuse prevention. In context, this is more dangerous because the skill directly enables privacy-invasive monitoring and potentially non-compliant messaging behavior at scale.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation promotes autonomous DNS modification and email tracking features without clearly warning users about infrastructure impact, privacy implications, and the consequences of enabling opens/click tracking. In this skill context, that omission is security-relevant because users may unknowingly authorize domain-level changes and recipient monitoring that affect both system integrity and personal data handling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide encourages sending emails with open and click tracking and processing webhook events for recipient behavior without any mention of consent, lawful basis, notice, or data-minimization requirements. In an email-sending skill, this omission can lead users to deploy privacy-invasive tracking by default, creating compliance, reputational, and misuse risks even if the underlying API use is technically valid.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal