SZZG007 Email Business Manager

Security checks across malware telemetry and agentic risk

Overview

This email-management skill appears purpose-aligned, but it needs Review because it asks agents to handle mailbox credentials, customer email history, local storage, and CRM-style syncing without clear limits or approval gates.

Install only if you are comfortable giving the agent access to a specific business mailbox and customer records. Use app-specific or least-privilege credentials, require confirmation before reading histories, drafting replies from real mail, or syncing CRM data, and define where stored emails/customer files live, how long they are kept, and how they can be deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrases are common natural-language requests such as viewing communication history or replying to an email, which can overlap with ordinary conversation and cause the skill to activate unintentionally. In a skill that handles mailbox contents and customer history, accidental invocation can expose sensitive business communications or cause unauthorized processing of email data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill is designed to read emails, extract communication history, and sync customer data, but the documentation does not clearly state consent requirements, scope of data access, retention rules, or privacy boundaries. Because the skill processes customer and business correspondence, this omission raises a real risk of over-collection, unauthorized access, and leakage of personally identifiable or commercially sensitive information.

VirusTotal

65/65 vendors flagged this skill as clean.
