ClawHub

Email News Digest

Security checks across malware telemetry and agentic risk

Overview

The skill’s email-digest purpose is coherent, but it reads Gmail and sends email automatically while using a canned summary that may not reflect the email content.

Review before installing. Use only with a Gmail account and recipient list you trust, keep Gmail queries narrow, and avoid confidential mail unless you first add a dry-run or confirmation step. Treat generated summaries as unreliable until the placeholder summarizer is replaced with real content-based summarization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation describes reading emails and sending messages through Gmail, which are sensitive capabilities, yet it declares no permissions. This creates a transparency and consent problem because users and reviewers are not clearly informed that private email content may be accessed and outbound email may be sent on their behalf.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented behavior materially differs from the effective behavior: it accesses Gmail, sends email, processes only one matching message, and may emit a canned summary instead of summarizing actual content. This mismatch can mislead users into granting trust to a workflow that handles sensitive communications differently than advertised, increasing the risk of privacy violations and unintended data disclosure.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill lacks an explicit warning that email content and generated reports may be transmitted through external services or subprocesses. Because email bodies often contain confidential information, failing to warn users about external processing undermines informed consent and can lead to accidental exposure of sensitive data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal