ClawHub

Email Intelligence

Security checks across malware telemetry and agentic risk

Overview

This skill locally analyzes a configured email inbox and can reveal sensitive sender and subject details, but its behavior matches its stated purpose and shows no hidden exfiltration or persistence.

Install or run this only for an email account you intend to analyze. Treat generated reports as private because they may show names, addresses, subjects, and who is waiting for a reply; avoid sharing terminal logs or JSON output without redaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs users to run shell commands and depends on external CLI access to a configured IMAP mailbox, but it does not declare permissions accordingly. This creates a trust and consent gap: the runtime capability to access email via shell-backed tooling is materially sensitive, and users or platforms may not realize the skill can analyze mailbox contents.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill mentions a requirement for himalaya with IMAP, but it does not prominently warn users that using the skill will access and analyze mailbox contents, including potentially sensitive message metadata and unread human emails. Because email is highly sensitive personal/business data, insufficient disclosure can lead to uninformed consent and unexpected privacy exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill reads and reports sensitive email metadata, including sender identities, subjects, and responsiveness patterns, without any visible consent prompt, minimization, or privacy warning. In an agent setting, this can expose private correspondence details to users, logs, downstream tools, or other observers who may not expect this level of disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal