Email 163 Com

Security checks across malware telemetry and agentic risk

Overview

This is a real 163.com email tool, but it needs review because it handles mailbox credentials and can write email attachments to disk unsafely.

Install only if you are comfortable granting this skill access to read, send, and modify your 163.com mailbox. Use a 163 client authorization code rather than your login password, keep the config file private, verify the server settings stay on official 163 hosts, require confirmation before sends/deletes/bulk actions, and avoid downloading attachments from untrusted messages until filenames are sanitized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 84%
Finding
The installation guide presents commands to read mail, send mail, and download attachments as routine actions without warning that they access private mailbox contents, transmit data externally, and write files locally. In an agent skill context, this increases the chance that a user or automated system invokes sensitive operations without informed consent, leading to privacy exposure or unintended mailbox and filesystem changes.

Missing User Warnings

Medium
Confidence: 96%
Finding
The config example explicitly stores an email password/auth code in plaintext and provides no caution about credential sensitivity, file permissions, or safer secret storage. This is dangerous because users may copy the pattern directly, leaving mailbox credentials exposed to local compromise, backups, logs, or other processes that can read the configuration file.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README explicitly instructs users to store the mailbox auth code in a plaintext local JSON config file, but provides no warning about credential sensitivity, file permissions, or safer storage options. Even though this is documentation rather than executable code, it normalizes insecure secret handling and increases the chance that email credentials are exposed through local compromise, backups, shared home directories, or accidental disclosure.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents bulk/destructive email deletion operations such as deleting all messages in the spam folder without any explicit warning, confirmation step, or note about irreversible data loss. In an agent skill context, examples often get copied directly into automation, so presenting destructive commands as routine usage increases the chance of accidental mass deletion of user data.

Missing User Warnings

Medium
Confidence: 87%
Finding
The tool collects and persists the 163 email authorization code in a local JSON config file, but it does so without an explicit warning at collection time that the secret will be stored on disk. Although the file is chmod'ed to 0600, local secret storage still increases exposure to credential theft from other local processes, backups, syncing tools, or accidental disclosure, especially because this credential enables mailbox access and sending mail.

Missing User Warnings

Medium
Confidence: 94%
Finding
The attachment download logic writes files from emails directly to disk using the attachment-provided filename with no confirmation prompt, overwrite protection, or path sanitization. A malicious email can supply crafted filenames such as '../.bashrc' or absolute paths, causing path traversal and arbitrary file write outside the intended download directory, in addition to silently dropping potentially dangerous files onto disk.

VirusTotal

65/65 vendors flagged this skill as clean.
