Fastmail Jmap.Disabled

Security checks across malware telemetry and agentic risk

Overview

This appears to be legitimate Fastmail tooling, but it gives an agent powerful mailbox access, includes under-documented contact access, and has only limited built-in safeguards.

Install only if you are comfortable giving an agent access to your Fastmail mailbox. Use the narrowest token scopes possible, avoid Contacts scope unless you explicitly want address-book access, and require confirmation before sending, moving, marking, or trashing messages. Treat autonomous inbox checks as background monitoring and enable them only with clear consent and privacy boundaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill requires a Fastmail API token and performs networked operations against Fastmail, but the manifest does not declare permissions for secret access or outbound network use. This creates a transparency and governance gap: an agent platform or reviewer may underestimate the skill's ability to access sensitive email data and communicate externally, increasing the chance of over-privileged or unreviewed deployment.

Missing User Warnings

Medium
Confidence: 88%
Finding: The README encourages autonomous inbox scanning and alerting, which can expose highly sensitive metadata and message content without emphasizing consent, minimization, or review boundaries. In the context of an agent skill with full read/write/send email access, normalizing background monitoring increases the risk of privacy violations, accidental processing of confidential mail, and inappropriate summaries sent to other systems or users.

Missing User Warnings

Medium
Confidence: 81%
Finding: The send command can transmit arbitrary content to external recipients immediately, with no interactive confirmation, dry-run mode, or recipient allowlist. In an agent context, this increases the risk of accidental data leakage, spam, or unintended outbound actions if upstream prompts or tool invocations are mistaken or adversarial.

Missing User Warnings

Medium
Confidence: 84%
Finding: The move, mark-read, mark-unread, and trash operations modify mailbox state immediately without confirmation, undo support, or safety rails. In an agent-driven workflow this can cause unintended destruction, message loss, or tampering with read state if the command is triggered incorrectly or by hostile prompt input.

VirusTotal

65/65 vendors flagged this skill as clean.