Email Newsletter Digest

Security checks across malware telemetry and agentic risk

Overview

This skill has sensitive email access, but its Gmail reading, summarization, scheduling support, and outbound digest emails match its stated purpose and are mostly disclosed.

Before installing, set the labels or senders you actually intend to digest, and the intended recipients, in settings.json; confirm which Gmail account gog will use; and prefer individual delivery when recipients should not see each other's addresses. Only schedule it if you are comfortable with automatic Gmail reads, summarization, and digest emails continuing until the schedule is disabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%

Finding
The skill requires shell execution, reading and writing local files, and access to environment-provided credentials, but it declares no explicit permissions or consent boundaries. That mismatch makes the skill harder to review and increases the chance it will run with broader capabilities than a user expects, especially since it can read Gmail-linked settings and send emails via a bundled script.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding
The reference explicitly instructs the agent to update settings.json and create schedules through natural language, but it does not warn that these actions persist configuration changes and can create recurring automated outbound email behavior. In an agentic context, silent persistence and scheduling materially increase the chance of unintended email sends, spam-like behavior, or ongoing data leakage if a user request is misunderstood or abused.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The documentation states that group mode sends one email with every recipient in the To field, but it omits any privacy warning that all recipients will see each other's addresses. In a newsletter-digest skill, this can expose personal email addresses to third parties and create preventable privacy and compliance issues, especially when users say 'me and my friends' in natural language.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding
The skill instructs sending digests and warning/failure emails to configured recipients without warning that newsletter content may contain personal or sensitive information and may be disclosed to multiple recipients. In this context, the danger is real because the skill aggregates email content from Gmail and redistributes summaries, which can expand exposure beyond the original mailbox.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding
The scheduling guidance encourages setting up recurring automation but does not warn that future runs will continue accessing Gmail and sending emails without per-run confirmation. This creates a persistent automation risk: once scheduled, the skill may repeatedly process new mailbox content and distribute it to recipients even after user intent or recipient lists change.
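The group-mode address disclosure and the unattended-scheduling finding above can both be caught before anything leaves the agent. The following is an added example, not code from the Email Newsletter Digest skill or from SkillSpector: it plans the outbound messages from a settings.json, reports which recipients would learn other recipients' addresses, and gates a scheduled run on the recipient list still matching the one the user confirmed when the schedule was created. The settings.json layout (`recipients`, `delivery`) is a hypothetical one chosen for illustration; the page does not show the skill's real schema.

```python
# Added example (not the skill's own code): delivery planning and pre-send checks.
# The settings.json field names below are assumptions, not the skill's real schema.
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class OutboundMessage:
    to: tuple      # addresses placed in the To header (visible to every recipient)
    subject: str
    body: str


# Constructed sample settings.json for the example; field names are assumed.
SAMPLE_SETTINGS = json.dumps({
    "recipients": ["alice@example.com", "bob@example.net", "carol@example.org"],
    "delivery": "group",
})


def plan_delivery(settings_json: str, subject: str, body: str) -> list:
    """Build the outbound messages for one digest run without sending anything."""
    cfg = json.loads(settings_json)
    # Normalise and de-duplicate while keeping the configured order.
    recipients = list(dict.fromkeys(a.strip().lower() for a in cfg.get("recipients", [])))
    if not recipients:
        raise ValueError("no recipients configured; refusing to send")
    mode = cfg.get("delivery", "individual")
    if mode == "group":
        # Group mode as the page describes it: one message, every address in To.
        return [OutboundMessage(tuple(recipients), subject, body)]
    if mode == "individual":
        # Individual delivery: one message per recipient, so no cross-exposure.
        return [OutboundMessage((r,), subject, body) for r in recipients]
    raise ValueError(f"unknown delivery mode {mode!r}")


def address_exposure(plan) -> dict:
    """Map each recipient to the set of other addresses it would learn from To headers."""
    exposure = {}
    for msg in plan:
        visible = set(msg.to)
        for r in msg.to:
            exposure.setdefault(r, set()).update(visible - {r})
    return exposure


def pre_send_warnings(plan) -> list:
    """Warnings an agent should surface and get confirmed before sending."""
    return [
        f"{r} would see {len(others)} other recipient address(es): {sorted(others)}"
        for r, others in address_exposure(plan).items()
        if others
    ]


def recipient_fingerprint(recipients) -> str:
    """Order-insensitive SHA-256 over the normalised recipient list."""
    canon = "\n".join(sorted(a.strip().lower() for a in recipients))
    return hashlib.sha256(canon.encode()).hexdigest()


def scheduled_run_allowed(settings_json: str, confirmed_fingerprint: str) -> bool:
    """Gate for unattended runs: proceed only if the recipient list is the one the
    user confirmed when the schedule was created; any edit forces re-confirmation."""
    cfg = json.loads(settings_json)
    return recipient_fingerprint(cfg.get("recipients", [])) == confirmed_fingerprint


if __name__ == "__main__":
    plan = plan_delivery(SAMPLE_SETTINGS, "Weekly digest", "...")
    for warning in pre_send_warnings(plan):
        print("WARN:", warning)
    fp = recipient_fingerprint(json.loads(SAMPLE_SETTINGS)["recipients"])
    print("scheduled run allowed:", scheduled_run_allowed(SAMPLE_SETTINGS, fp))
```

With the sample settings in group mode, every one of the three recipients gets a warning that two other addresses are visible to them; switching `delivery` to `individual` yields three messages and no warnings. The fingerprint is stored once, at the moment the user confirms the schedule, so a later edit to the recipient list (by the user or by a misunderstood natural-language request) stops the next unattended run instead of silently sending to the new list.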

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding
The skill sends full newsletter bodies to an external summarization CLI, and the code explicitly notes that a summarization API key may be required, implying third-party processing of email content. Because this skill handles Gmail data and can include sensitive or subscription-only content, failing to clearly disclose that transfer creates a meaningful privacy and data-governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
