Email Web Interface

Security checks across malware telemetry and agentic risk

Overview

This is a coherent email web-interface guide, but following its examples could expose a Gmail mailbox and email-sending ability without strong default protections.

Install only if you control the mailbox and can harden the deployment. Bind the service to localhost unless intentionally exposing it, require authentication and HTTPS, avoid Flask debug mode, keep TLS verification enabled, avoid less-secure access, store credentials in a secret manager, and use a dedicated mailbox or revocable app password where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill instructs operators to configure direct Gmail access using an app password and IMAP, but it does not prominently warn that this grants broad read/send access to a live mailbox and exposes highly sensitive communications if mishandled. In an agent-email context, this is more dangerous because the account likely contains privileged operational correspondence and can be abused for impersonation or data exfiltration.

Missing User Warnings

Medium
Confidence: 88%
Finding
The custom web app exposes inbox contents and outbound email functionality through HTTP endpoints, yet the skill does not clearly foreground the privacy and security consequences of making a local web interface for sensitive mail. In this context, the danger is elevated because the interface is bound to 0.0.0.0 and integrated into a broader control surface, increasing the chance of unauthorized local-network or adjacent-system access if protections are weak.

VirusTotal

67/67 vendors flagged this skill as clean.
