ClawHub

Email Writer Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a simple email-writing skill that provides formatting and tone guidance without requesting access to files, credentials, tools, or external services.

Before installing, understand that this skill may be selected for broad email-drafting requests and may steer English-email requests toward business English conventions. It does not appear to access private data or perform actions on your behalf; review generated emails for accuracy before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes broad phrases like "write email" and "English email," which can match many ordinary user requests and cause the skill to activate outside a narrowly scoped intent. Over-broad activation increases the chance of unintended routing, policy bypass through inappropriate skill selection, or interference with other more suitable skills, even though the skill content itself is not overtly malicious.

Natural-Language Policy Violations

Low
Confidence
79% confidence
Finding
Including "English email" as a use case can bias the skill toward English-language output even when the user has not explicitly requested English, which may override user preference or system routing expectations. In this email-writing context the risk is limited, but it can still produce unintended outputs, reduce usability, and create compliance or communication errors in multilingual settings.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal