ClawHub

Manage Email

Security checks across malware telemetry and agentic risk

Overview

This is a coherent email-management skill, but it can access and change real email, so users should require confirmation for high-impact actions.

Before installing, verify the npm package and connect only the intended email accounts. Require explicit confirmation before sending email, deleting or moving messages, running batch operations, downloading attachments, deleting drafts, removing accounts, or using --all; review recipients, content, account, folder, and message IDs before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger description is overly broad and says email-related requests should always use this skill, which can cause the agent to invoke high-privilege email actions without sufficient task scoping or per-action safeguards. In this context the skill includes read, send, delete, move, and account-management capabilities, so over-triggering materially increases the chance of unintended access or destructive actions.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill documents destructive operations such as delete, move to trash, draft deletion, and account removal including `--all`, but does not require explicit confirmation or warn about irreversible or high-impact consequences. Because this skill operates on a user's real email accounts, an agent following these instructions could delete messages or remove accounts from ambiguous or indirect prompts, leading to data loss, account disruption, or privacy impact.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal