ClawHub

Mandrill

Security checks across malware telemetry and agentic risk

Overview

This Mandrill skill is a real integration, but it gives an agent broad authenticated access to transactional email operations without clear confirmation limits.

Install only if you trust Membrane and intend to let an agent operate on a Mandrill account. Use least-privileged or test credentials where possible, pin or verify the Membrane CLI before installing, and require explicit approval before sending emails, modifying templates, deleting resources, bulk operations, or raw proxy requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description is broad enough to match many generic 'manage data' or 'automate workflows' requests, which can cause the agent to invoke this Mandrill integration in situations where email delivery data or message operations were not clearly intended. In a live transactional email context, overbroad routing increases the chance of unnecessary access to sensitive email records or unintended outbound actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation encourages running actions and proxying arbitrary API requests against Mandrill without emphasizing that these operations may affect production transactional email flows or expose message content and recipient metadata. That omission is risky because users or agents may treat the skill as harmless exploration when it can perform live reads and writes against sensitive email infrastructure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal