agentmail-cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AgentMail email CLI guide; its main risks are normal for email access, including API-key handling, sending mail, and deleting inboxes or threads.

Install only if you are comfortable giving the agent an AgentMail API key and allowing it to send, read, and delete AgentMail messages. Prefer AGENTMAIL_API_KEY for short-lived sessions, protect or remove ~/.agentmail/config.json if using persistent setup, and require explicit confirmation before deleting inboxes or messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium, 88% confidence
Finding
The skill instructs users to persist the AgentMail API key to ~/.agentmail/config.json but does not warn about local credential storage, file permissions, or the risk of leaving reusable secrets on disk. In agent environments, persisted secrets can be unintentionally exposed to other processes, future tasks, logs, backups, or shared home directories.

Missing User Warnings

Medium, 91% confidence
Finding
The documented delete commands remove inboxes and messages without any guidance to confirm intent, preview targets, or warn about irreversibility. In an agentic context, a mistaken ID, prompt injection, or automation bug could cause permanent deletion of user data with no recovery step.

Missing User Warnings

Medium, 94% confidence
Finding
Although the notes mention that deleting a message deletes the entire thread, the warning is not prominent where the delete command is introduced. This creates a high risk that an agent or user intending to remove a single message will instead erase a full conversation history.

VirusTotal

66/66 vendors flagged this skill as clean.
