Temporary Email Service

Security checks across malware telemetry and agentic risk

Overview

This temp-mail skill mostly matches its purpose, but it contains under-scoped instructions and unrelated API fallback guidance that could make an agent act outside a clear temporary-email workflow.

Review before installing. Use this only if you trust MaxHub with the configured API key and temporary-mail contents, and prefer explicit prompts such as creating a temporary mailbox, listing that mailbox, or reading a specific message. The publisher should remove unrelated Douyin/Xiaohongshu guidance, narrow routing triggers, and accurately document mailbox creation and privacy implications before this is treated as clean.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High severity, 96% confidence
Finding
The skill is declared as a temporary email helper, but large sections of the instructions introduce unrelated workflows and downgrade mappings for Douyin/Xiaohongshu APIs. This scope mismatch is dangerous because it can cause an agent to load or invoke capabilities outside the advertised function, increasing the chance of unintended data access, prompt confusion, or covert expansion of behavior.

Intent-Code Divergence

Medium severity, 89% confidence
Finding
The security declaration claims all endpoints are legitimate read-only data analysis APIs, but the skill explicitly supports generating temporary mailboxes, which is not merely passive data analysis. Misrepresenting capability weakens operator trust and may cause reviewers or agents to under-scrutinize actions that create resources or facilitate anonymous communication.

Intent-Code Divergence

Medium severity, 86% confidence
Finding
The API coverage and routing text refers to generic query handling rather than a narrowly scoped email-only assistant. This inconsistency can make the agent overgeneralize user requests and attempt actions beyond the intended domain, which is especially risky when combined with later instructions for multi-endpoint orchestration.

Vague Triggers

Medium severity, 92% confidence
Finding
The trigger examples are extremely broad (just '邮箱, 邮件'), which can match ordinary user conversation about email rather than an intentional request to invoke this skill. In an agent environment, this can cause accidental activation of the temporary-mail capability, leading to unintended generation or retrieval of mailbox data and confusing or privacy-impacting behavior.

Vague Triggers

Medium severity, 95% confidence
Finding
The example trigger words "邮箱,邮件" are overly broad and overlap with common everyday conversation, which can cause the skill to activate unintentionally in unrelated contexts. Because this skill can access a temporary mailbox and retrieve message contents, accidental invocation could expose sensitive email metadata or contents that the user did not intend to access through this skill.

Vague Triggers

Medium severity, 83% confidence
Finding
The intent-routing triggers use common words like 'get', 'mail', 'find', and 'show me', which are broad enough to match ordinary conversation unrelated to the skill's safe operating path. Overbroad trigger rules can cause misclassification and autonomous API activity without sufficiently clear user intent.

Vague Triggers

Medium severity, 81% confidence
Finding
The action-mode phrases 'search', 'find', 'analyze', and 'compare' are generic conversational terms that can collide with normal dialogue. In an autonomous skill, such broad activation cues can unintentionally escalate from simple chat into API-backed execution or multi-call analysis.

VirusTotal

VirusTotal findings are pending for this skill version.
