ClawHub

Mailtrap

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Mailtrap connector skill with disclosed read/write/delete authority, though users should be careful with inbox cleaning and credential reset actions.

Install only if you want an agent to manage Mailtrap through your connected OOMOL account. Fetch the live schema before running actions, review payloads carefully, and require explicit user confirmation before cleaning inboxes, deleting resources, importing/updating contacts, or resetting SMTP credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation contradicts itself by describing `get_contact_import` as a retrieval operation while also labeling it a write action that changes Mailtrap state. This can mislead an agent or operator into applying the wrong trust and confirmation model, potentially causing unnecessary friction or incorrect handling of the action, though it does not itself create direct code execution or privilege escalation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This action is explicitly destructive ('Delete all messages from one Mailtrap inbox') but the skill provides no warning about irreversibility, no confirmation step, and no guidance to verify the target inbox before execution. In an agent setting, that increases the chance of accidental mass deletion of emails or test artifacts, especially because the example command shows an empty payload placeholder and frames execution as routine.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This action resets SMTP credentials for a Mailtrap inbox, which is a destructive and potentially disruptive operation, but the documentation provides no explicit warning about the consequences. A user or downstream agent could invoke it without realizing it will invalidate existing credentials and break dependent integrations, causing service interruption and lockout-like effects until clients are reconfigured.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal