FREE EMAIL from @claw.boston: get a free native OpenClaw mailbox with one click

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate hosted email skill, but it should be reviewed because it can read and send mailbox content through a third-party service and stores a powerful local API key with limited safety disclosure.

Install only if you trust claw.boston to handle your agent email. Avoid sensitive mail until you understand the provider's privacy, retention, and revocation policies. Keep the local config file private, do not sync or share the API key, and require explicit confirmation before reading full messages, sending replies, forwarding content, or attaching files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 87%
Finding
The README promotes sending, receiving, and reading emails through an external service but does not clearly warn users that mailbox contents, recipient addresses, message bodies, and attachments may be transmitted to and processed by a third-party provider. In an email skill, this omission is security-relevant because users may assume local handling while the documented setup stores credentials and enables remote mailbox access, increasing the chance of unintended disclosure of sensitive communications.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill encourages sending and receiving email, including attachments, through a remote API service but does not clearly warn users that message bodies, metadata, and attachment contents are transmitted to claw.boston. Because email content is often sensitive, this omission can lead users to disclose confidential information without informed consent, especially since the skill presents the feature as a simple setup and natural-language workflow.

Missing User Warnings

Low
Confidence: 88%
Finding
The skill states that the returned API key will be stored locally in ~/.openclaw/skills/claw-boston-email/config.json but does not emphasize that this credential grants access to the mailbox and related account actions. Without a clear warning about protecting the file and restricting permissions, users may leave a bearer token exposed to other local users, backups, logs, or malware, enabling unauthorized mailbox access and email sending.

VirusTotal

66/66 vendors flagged this skill as clean.