ClawHub

Greek Email Processor

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs Review because it can read and send sensitive accounting emails while its instructions are inconsistent about external integrations and approval before sending messages.

Review the configuration carefully before installing. Use a dedicated mailbox or app password, keep IMAP as narrow as possible, enable SMTP/Mail.Send/Calendar/Slack only if you truly need them, require draft review before any outbound email, and protect the local data directory because it may contain invoices, tax notices, bank statements, and client records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill contains materially inconsistent statements about whether it integrates with external services. Users may rely on the 'does NOT integrate with external software' note while enabling workflows that actually use IMAP/SMTP, OAuth APIs, webhooks, and calendars, causing unintended data disclosure or network access in a sensitive accounting/email context.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document promises that all auto-responses require human approval, but later examples invoke auto-responding and confirmation sending as if they are automatic. In an email-processing skill handling financial and government communications, this inconsistency can lead to unauthorized outbound messages, accidental disclosure of sensitive information, or premature statements sent to clients and agencies.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill introduces client notification and automated response capabilities without an immediate warning that these actions may send external emails containing accounting or client data. This increases the risk that operators enable outbound messaging without understanding disclosure, misdelivery, or reputational consequences.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow examples show automatic responding to routine and client communications without adjacent review or approval safeguards. In practice, users often copy example workflows verbatim, so these snippets can operationalize unsafe outbound messaging and leak financial status, payment details, or compliance information to external recipients.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal