Back to skill

Security audit

Zoho Mail

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it gives an OpenClaw agent broad Zoho Mail access, which is sensitive but clearly disclosed and purpose-aligned.

Install only for a Zoho mailbox you are comfortable allowing an agent to read, send from, mark, and delete. Prefer a dedicated or constrained mailbox, protect the OAuth client secret and token key, verify release checksums before manual binary installs, and require human approval for send/delete workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill requests sensitive environment variables and instructs installation of a binary into the agent's executable path, but does not declare explicit permissions or clearly scope what the agent may do with those capabilities. This creates a gap between apparent metadata and actual power, increasing the risk of over-privileged use and making review harder.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly advertises full read/write access to a mailbox, including send, reply, delete, and mark operations, but it does not prominently warn operators about the privacy, integrity, and business-impact risks of granting an agent such broad permissions. In an agent skill context, this is dangerous because users may install it without appreciating that the skill can read sensitive correspondence and perform destructive or impersonating actions if misused or compromised.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill explicitly provides full read/write mail access, including sending and deletion, but does not present a prominent warning about privacy exposure, impersonation risk, or destructive actions. In this context, an agent can access sensitive correspondence and perform irreversible or user-impacting mail operations, which materially raises risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The setup requires OAuth client credentials and token material, yet the documentation lacks clear handling guidance for these secrets. Poor secret hygiene can lead to credential leakage, account compromise, and unauthorized mailbox access, especially in agent environments where logs or configs may be exposed.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: Zoho Mail
description: Full read/write Zoho Mail access for OpenClaw agents
version: 0.3.0
author: panthrocorp
license: MIT-0
Confidence
76% confidence
Finding
write Zoho Mail access for OpenClaw agents version: 0.3.0 author: panthrocorp license: MIT-0 metadata: openclaw: requires: env: - ZOHO_MAIL_TOKEN_KEY - ZOHO_CLIENT_ID

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.