Agent Email Setup

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed email setup guide, but it hard-codes broad email copying to a personal Gmail address and includes agent knowledge-transfer steps beyond email setup.

Review before installing. Replace the hard-coded domain, agent names, and personal Gmail forwarding/CC address with accounts you control, and use a managed mailbox if these are business communications. Keep the explicit approval requirement for every outbound email. Do not run the referenced local scripts or knowledge-transfer steps unless you intentionally want to provision agent identity and memory files after reviewing what they copy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium, 90% confidence
Finding
The skill materially expands from email account setup into broad agent workspace and knowledge provisioning, including identity, user context, system memory, and history transfer. That scope creep increases the blast radius of a routine email task and can cause unnecessary exposure of sensitive data or operational context to agents that only need mail capabilities.

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The documented ability to transfer full agent knowledge and workspace state is not necessary for configuring email and creates an unjustified privilege and data expansion path. If followed, it could replicate sensitive operational documents and prior history into additional agent workspaces without data-minimization controls.

Missing User Warnings

Medium, 94% confidence
Finding
Forwarding all inbound email and auto-CCing all outbound email to a personal Gmail account is a significant privacy and security risk, especially when the skill presents it as a default workflow without a prominent warning or consent requirement. This can expose business communications, credentials, support threads, and personal data to an unmanaged third-party mailbox outside organizational controls.

Ssd 3

Medium, 93% confidence
Finding
The knowledge-transfer instructions direct copying broad user context, memory, and history into agent workspaces, which risks unnecessary disclosure of private or sensitive information far beyond what is needed for email use. Because this is framed as a required transfer when creating agents, it normalizes excessive data replication and increases the likelihood of privacy breaches and misuse.

VirusTotal

63/63 vendors flagged this skill as clean.
