Mail Summary

Security checks across malware telemetry and agentic risk

Overview

This Gmail and Calendar skill is mostly purpose-aligned, but it grants sensitive Google account access and can create events and keep tokens refreshed without clear user-controlled approval points.

Install only if you are comfortable granting the skill ongoing Gmail read access and Google Calendar event-write access. Before using it, require the agent to show proposed calendar events for approval, avoid or disable automatic background refresh unless you explicitly need it, keep OAuth files out of shared logs or repositories, and know how to revoke the Google OAuth grant and delete token.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The script behavior does not match its documented 2-step flow: after obtaining OAuth tokens it silently executes refresh_service.py. Hidden post-auth behavior is dangerous because users may grant sensitive credentials expecting only token storage, while additional code is automatically run with access to those fresh credentials.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs users to send an OAuth client secret JSON file directly to the agent, which exposes sensitive application credentials to the skill execution environment and any logging, storage, or downstream processing tied to the agent. In combination with the later request to paste the full localhost redirect URL, this workflow can enable full OAuth token exchange and unauthorized long-term access to the user's Gmail and Calendar.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to fetch and print full email content and to create calendar events, but it does not clearly warn the user that private Gmail data will be accessed and actions may be taken on their behalf. This undermines informed consent and increases the risk of over-collection of sensitive information or unintended calendar modifications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The auth flow tells the agent to save OAuth client secrets and tokens locally, but provides no warning that these files are highly sensitive credentials that can grant ongoing access to Gmail and Calendar. If stored insecurely, exposed in logs, or left in the project directory, they could be reused by an attacker to access the user's data and perform actions as the user.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script prints sender, subject, date, and message body content from a mailbox directly to stdout, which can expose sensitive personal or corporate data in terminal history, logs, orchestration output, or downstream tooling that captures process output. In an agent skill context, this is more dangerous because mailbox contents may be surfaced to other components or users without clear consent or minimization.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Setup Before First Use

> **The agent must run all commands below itself. Do NOT ask the user to run them.**

Before running any script, ensure the Python environment is ready:
Confidence
90% confidence
Finding
Do NOT ask the user

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Available Commands

> **The agent must run all commands below itself. Do NOT ask the user to run them.**

- `python scripts/fetch_emails.py` — Fetch emails from the last 24 hours and print full content
- `python scripts/create_event.py --title "..." --date "YYYY-MM-DD" --time "HH:MM" [--duration 60]` — Create a Google Calendar event
Confidence
94% confidence
Finding
Do NOT ask the user

VirusTotal

65/65 vendors flagged this skill as clean.
