ClawHub

Email Finder

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it finds domain email addresses using public web, DNS, search, and SMTP checks, but users should run it only for lawful targeted lookups.

Install only if you are comfortable running a tool that contacts target websites, search/directory services, DNS infrastructure, and mail servers. Use it for small, authorized lookups, avoid bulk prospecting, prefer --no-verify when SMTP recipient checks are unnecessary, and be cautious on untrusted networks because HTTPS certificate verification is disabled for page fetches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill is designed to collect and validate personal or role-based email addresses via scraping, search dorking, guessing, and SMTP verification, but it does not include meaningful privacy, consent, or acceptable-use safeguards. In practice, this can facilitate unauthorized harvesting of contact data and active probing of mail infrastructure, creating legal, compliance, and abuse risks.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script performs website scraping, third-party search requests, DNS lookups, and SMTP probing against external systems without prominently warning the user that it will generate network traffic to the target domain and unrelated third parties. In an agent context, this can cause unintentional active reconnaissance, leak investigative intent, and trigger monitoring or abuse controls on remote systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal