Exchange2010

Security checks across malware telemetry and agentic risk

Overview

This Exchange skill is not clearly malware, but it gives an agent broad live mailbox control with weak scoping and credential-handling issues.

Install only if you are comfortable giving the agent delegated access to the configured Exchange account and any shared mailboxes that account can reach. Before production use, fix the credential variable mismatch, remove hardcoded organization defaults, use a least-privilege account, require explicit approval before sending or deleting anything, and restrict/sanitize attachment download paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The shared-calendar helper ignores the passed-in account context and instead re-authenticates with locally loaded delegate credentials, enabling access to any mailbox/calendar the service account can reach. In an agent skill context, this broadens authority beyond the caller's current session and creates an insecure direct object reference pattern where a user-controlled email address may expose another user's calendar data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises high-risk capabilities such as reading email, downloading attachments, accessing shared calendars/mailboxes, sending mail, deleting calendar events, deleting tasks, and changing out-of-office settings, but provides no user-facing warning, consent model, or scope limitations. In an agent context, these operations can expose sensitive corporate data or cause destructive state changes if invoked without clear authorization and confirmation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The setup instructions require a password-based Exchange account in a local credentials file without warning about secure secret storage, credential rotation, or least-privilege account selection. This increases the risk of credential leakage, overprivileged access, and unsafe operational use in environments where agents or users may mishandle plaintext secrets.

VirusTotal

66/66 vendors flagged this skill as clean.
