ClawHub

Commune — Agent Email Inbox

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate email-agent skill, but it gives agents broad persistent authority to send, read, search, and process email with limited safety guidance.

Install only if you intentionally want an agent to operate an external persistent email inbox. Use a dedicated low-privilege API key and inbox, protect secrets outside shared/plaintext configs where possible, require human approval for outbound messages and attachments, and avoid routing sensitive or regulated email unless you understand Commune's processing, retention, and access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The installation guide instructs users to place a live API key directly into a Claude Desktop MCP config file in plaintext. This increases the chance of credential disclosure through local compromise, backups, screenshots, config syncing, or accidental sharing, especially because no warning or safer alternative is provided alongside the example.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes examples that send real outbound email to arbitrary external recipients, but it does not prominently warn users that executing these examples can contact humans autonomously and create real-world side effects. In an agent context, this increases the risk of accidental spam, unintended disclosure, or unauthorized outreach because a user may treat the examples as harmless demos.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises semantic search and AI-based structured extraction over inbound email, but it does not clearly warn that potentially sensitive email content will be processed, indexed, and analyzed by AI systems. In privacy-sensitive workflows, this can lead to unintentional processing of personal, confidential, or regulated data without adequate notice or consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal