Email Manager

Security checks across malware telemetry and agentic risk

Overview

This is a local email drafting and follow-up helper with disclosed local storage and no evidence of network access or inbox connection.

Install only if you are comfortable with the skill creating local files under ~/.openclaw/email-manager/ for settings, templates, follow-ups, and draft history. Avoid saving highly sensitive email text there unless local retention is acceptable, and review or delete those files periodically if needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (95% confidence)
Finding
The activation description is extremely broad and includes generic phrases like 'any email writing and management task,' which can cause the skill to activate in many ordinary conversations unrelated to an explicit request to use this tool. Over-broad activation can lead to unintended file reads/writes, persistence creation, and interference with other skills or normal assistant behavior.

Vague Triggers

Medium (94% confidence)
Finding
The listed trigger phrases are short and generic, including phrases such as 'follow up,' 'subject line,' and 'professional email,' which are common in normal dialogue and likely to collide with unrelated requests. This increases the chance of accidental activation and unintended state changes such as creating reminders, templates, or history entries.

Vague Triggers

Low (98% confidence)
Finding
Using the bare command 'help' is unsafe because it is one of the most common generic assistant requests and will almost certainly collide with unrelated user intent. While lower impact than broader activation phrases, it can still hijack sessions and confuse users about which capability is responding.

VirusTotal

65/65 vendors flagged this skill as clean.
