ClawHub

Selzy Email Marketing

Security checks across malware telemetry and agentic risk

Overview

This email-marketing skill is mostly transparent, but it gives an agent real campaign-sending authority while some safety steps conflict about when sending or scheduling may happen.

Review before installing. Use a least-privileged Selzy API key if available, verify the exact list_id and recipient count for every campaign, and require a separate explicit confirmation before any createCampaign call. Follow the stricter 1-campaign-per-hour rule everywhere, ignoring the stale 60-second instruction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The README makes a strong security claim that campaigns are never sent without explicit confirmation, yet the examples include 'Send now' behavior and provide no evidence of an enforced confirmation gate. In an email-marketing skill, this mismatch can cause unauthorized or accidental bulk sends, creating financial, reputational, and compliance risk.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The documentation says list_id verification and calling getLists first are mandatory to avoid sending to the wrong recipients, but the workflow is described only as guidance and not as an enforced precondition. For a campaign-sending integration, failing to hard-enforce recipient verification can lead to misdelivery, partial delivery, or sending to unintended audiences.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill states that explicit user confirmation is mandatory before any campaign send, but its example workflows invoke `createCampaign` before waiting for confirmation. In this context, `createCampaign` is the side-effecting operation that schedules or initiates outbound email, so the contradiction can cause an agent to send or schedule messages without final approval, resulting in unauthorized mass communication and compliance risk.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The document declares a hard limit of 1 campaign per hour due to fraud controls, but another workflow still instructs only a 60-second wait. Conflicting safety guidance in an automation skill can lead an agent to exceed provider anti-abuse thresholds, causing account blocks, failed sends, or service disruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal