ClawHub

temp-mail

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward temporary-email helper that calls a disclosed hosted Vortex API, with normal privacy and dependency-hygiene caveats.

Install only for low-risk signup or testing workflows. Do not use this skill for sensitive personal, financial, production, account-recovery, or secret-bearing email, because mailbox data is handled by a third-party hosted service. Double-check the address before using clear, since it empties that temporary mailbox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly routes mailbox operations through a hosted third-party service but does not warn users that message contents, recipient addresses, and related metadata are transmitted to and stored by that external provider. This can mislead users into entering sensitive signup or verification flows under the assumption the mailbox is local or privacy-preserving, increasing the risk of credential, token, or PII exposure.

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.24.0
# rich is optional, not required for core functionality
Confidence
93% confidence
Finding
httpx>=0.24.0

Known Vulnerable Dependency: httpx — 2 advisory(ies): CVE-2021-41945 (Improper Input Validation in httpx); CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `http)

Critical
Category
Supply Chain
Confidence
96% confidence
Finding
httpx

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal