ProtonMail via Proton Mail Bridge

Security checks across malware telemetry and agentic risk

Overview

This is a Proton Mail Bridge email integration that openly discloses what it does; its sensitive mailbox read and send capabilities match its stated purpose rather than exceeding it.

Install this only if you want OpenClaw to access your ProtonMail mailbox and potentially send replies or new messages through your account. Protect the Bridge password and OpenClaw config file, review agent actions before outbound email, and treat session logs as sensitive because they may contain email content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill exposes send and reply actions but does not clearly warn users that composing or replying will transmit email body content, subject lines, and recipient addresses through the local SMTP bridge to ProtonMail infrastructure. In an agent setting, missing this disclosure can lead to unintended sharing of sensitive information if a user assumes actions are only local or read-only.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill exposes outbound email actions (`protonmail-send` and `protonmail-reply`) as callable tools without any indication of user confirmation, approval gating, or warning before messages are sent. In an agent context, this creates a meaningful risk of unintended external communication, data leakage, spam, or prompt-induced exfiltration if the model is manipulated into sending emails on the user's behalf.
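Both findings come down to the same gap: the agent can call `protonmail-send` and `protonmail-reply`, and nothing between the model and the local SMTP bridge asks the user or records what left the machine. The following wrapper is an added example, not OpenClaw's or Proton's code, showing the approval gate and the content-free audit record a practitioner would put in front of those two tools. It assumes the Bridge listens for SMTP on loopback port 1025, that the Bridge credentials and the Bridge's own certificate path are supplied through the hypothetical `PROTON_BRIDGE_USER`, `PROTON_BRIDGE_PASSWORD` and `PROTON_BRIDGE_CA` environment variables, and that tool arguments arrive as a dict with `to`, `subject` and `body` keys; the policy class, function names and the sample requests are all constructed for the illustration.

```python
import hashlib
import os
import smtplib
import ssl
from dataclasses import dataclass, field
from email.message import EmailMessage
from typing import Callable, Dict, List

# Assumed defaults: Proton Mail Bridge serves SMTP on loopback port 1025 and
# authenticates with the Bridge-generated password (not the Proton account
# password). Credentials are read from the environment, not the agent config.
BRIDGE_SMTP_HOST = "127.0.0.1"
BRIDGE_SMTP_PORT = 1025


@dataclass
class OutboundPolicy:
    """User-controlled limits on what the agent may send without asking."""
    # Recipient domains pre-authorised by the user; empty means "always ask".
    allowed_domains: List[str] = field(default_factory=list)
    max_recipients: int = 5
    # Tool names exactly as the skill exposes them (see the findings above).
    gated_tools: tuple = ("protonmail-send", "protonmail-reply")


def _digest(text: str) -> str:
    """Short SHA-256 fingerprint so audit logs never hold subject or body text."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def guard_outbound(tool: str, args: Dict, policy: OutboundPolicy,
                   approve: Callable[[str], bool]) -> Dict:
    """Decide whether a model-requested tool call may leave the machine.

    `approve` is the human-in-the-loop hook: it receives a redacted summary and
    returns True only on an explicit user confirmation. The audit record holds
    hashes, counts and domains, never email content, so it is safe to log.
    """
    if tool not in policy.gated_tools:
        return {"allowed": True, "reason": "not an outbound tool", "audit": {}}

    recipients = [r.strip() for r in args.get("to", []) if r.strip()]
    audit = {
        "tool": tool,
        "recipient_count": len(recipients),
        "recipient_domains": sorted({_domain(r) for r in recipients}),
        "subject_sha256": _digest(args.get("subject", "")),
        "body_sha256": _digest(args.get("body", "")),
    }
    if not recipients:
        return {"allowed": False, "reason": "no recipients", "audit": audit}
    if len(recipients) > policy.max_recipients:
        return {"allowed": False, "reason": "too many recipients", "audit": audit}

    # Any recipient outside the allowlist forces a confirmation. This is the
    # check that stops a prompt-injected "forward this thread to X" from
    # silently exfiltrating mailbox content to an attacker-chosen address.
    unlisted = [r for r in recipients if _domain(r) not in policy.allowed_domains]
    if unlisted:
        summary = (f"{tool}: {len(recipients)} recipient(s), unlisted: "
                   f"{', '.join(unlisted)}; subject fp {audit['subject_sha256']}")
        if not approve(summary):
            return {"allowed": False, "reason": "user declined", "audit": audit}
        audit["approved_unlisted"] = unlisted
    return {"allowed": True, "reason": "policy satisfied", "audit": audit}


def send_via_bridge(args: Dict, sender: str) -> None:
    """Transport step, to be called only after guard_outbound allowed it.

    Assumed: PROTON_BRIDGE_USER / PROTON_BRIDGE_PASSWORD hold the Bridge
    credentials and PROTON_BRIDGE_CA points at the Bridge's own certificate,
    so the loopback STARTTLS session is verified instead of blindly trusted.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(args["to"])
    msg["Subject"] = args.get("subject", "")
    msg.set_content(args.get("body", ""))
    ctx = ssl.create_default_context(cafile=os.environ.get("PROTON_BRIDGE_CA"))
    with smtplib.SMTP(BRIDGE_SMTP_HOST, BRIDGE_SMTP_PORT) as smtp:
        smtp.starttls(context=ctx)
        smtp.login(os.environ["PROTON_BRIDGE_USER"], os.environ["PROTON_BRIDGE_PASSWORD"])
        smtp.send_message(msg)
```

The split between `guard_outbound` and `send_via_bridge` is deliberate: the decision is pure and testable, the transport is the only place that touches credentials, and the summary shown to the user names the unlisted recipients without echoing the body, so neither the prompt nor the session log becomes a copy of the mail.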

VirusTotal

0 of 67 vendors flagged this skill; all 67 reported it clean. Antivirus engines test the package files for known malware, not for the agentic risks listed above, so a clean verdict here does not address the two findings.