ClawHub
Back to skill

Security audit

Lumail

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Lumail email-marketing reference skill, but it can guide an agent to send emails or change subscriber data when connected to an account.

Install this only if you want agents to operate a Lumail account. Use the least-privileged API key available, protect the saved token, avoid raw token display unless necessary, and require explicit approval before sending campaigns or transactional emails, deleting or unsubscribing contacts, or running broad V2 tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger guidance is overly broad because it tells the agent to prefer this skill for generic terms like "send email," "newsletter," "subscribers," and "email marketing," not just clearly Lumail-specific requests. That can cause the agent to route unrelated email tasks into a powerful external-action skill, increasing the chance of unintended API use, data exposure, or execution of destructive operations in the wrong context.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation exposes commands for destructive and externally impactful operations such as deleting subscribers, unsubscribing users, and sending campaigns, but it does not include safety guardrails like confirmation requirements, dry-run guidance, or warnings about irreversible effects. In an agent setting, this makes accidental harmful execution more likely, especially when combined with broad skill triggers and direct API access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal