STM Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a transparent email-assistant skill with real delegated-email risk, but its behavior is disclosed, purpose-aligned, and not deceptive.

Install only if you are comfortable letting an agent send email from a dedicated assistant inbox. Before use, test CC and Reply-To behavior, keep the sent-on-behalf signature, limit which recipients and topics can be sent without review, and avoid including sensitive personal, legal, financial, or employment information unless you explicitly approve the message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README promotes sending emails on a user's behalf through third-party infrastructure and routing replies/CCs, but it does not provide a clear privacy, consent, or data-handling warning. Because the skill is specifically about outbound communication and inbox monitoring, users may expose sensitive personal or business data without understanding transmission, storage, and visibility risks across providers and recipients.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly enables sending outbound emails on the user's behalf and routing replies/CCs through external email infrastructure, but it does not warn about privacy, consent, misdelivery, or third-party data transmission risks. Because the skill is user-invocable and encourages direct sending for 'routine emails,' users may disclose personal, confidential, or regulated information without understanding that recipients, CCs, hosted logo URLs, and mail providers can all receive or expose metadata and content.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- **Use full legal name** on formal correspondence
- **Monitor for replies** — set up a heartbeat check on the inbox
- **Mark processed emails** — remove "unread" label after handling
- **Never send without approval** for high-stakes emails (legal, financial, employment)

## Requirements
Confidence
83% confidence
Finding
without approval

VirusTotal

64/64 vendors flagged this skill as clean.
