Clawback

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for guarded Gmail access, but it exposes sensitive mailbox delete and modification powers without clear user-confirmation rules for those actions.

Install only if you trust Honeybadge Labs, the Clawback CLI installed on PATH, and the configured Clawback server. Before use, verify CB_SERVER and require explicit confirmation for deletes, draft deletes, label changes, batch modifications, and other mailbox-changing actions, not just email sends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
1. Tell the user in plain language: "Sent! It needs approval in Clawback before it goes through — I'll keep an eye on it."
2. Poll `clawback approvals get <approvalId> --json` in the background every ~30s.
3. When resolved, proactively tell the user: "Approved and delivered" or "The approval was rejected/expired — the email was not sent."
4. Never ask the user to run commands or check approval status themselves.

Handling other errors
Confidence: 80%
Finding: Never ask the user

VirusTotal

66/66 vendors flagged this skill as clean.
