ClawHub

Workday Music & Greet

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: schedule local music scene changes and send greeting emails, with some setup precautions users should follow.

Install only if you want scheduled automation that can run a local music command and send email from your SMTP account. Use an app-specific SMTP password, keep .env private and out of source control, verify GREET_TO and SMTP_FROM, review scripts/config.json, and track any cron jobs you add so you can remove them later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill instructions require users to place SMTP credentials in a .env file, which means the skill consumes environment-based secrets, yet no corresponding permissions are declared. Undeclared secret access reduces transparency and weakens platform trust boundaries because users and orchestration systems cannot accurately assess what sensitive data the skill needs.

Tp4

High
Category
MCP Tool Poisoning
Confidence
72% confidence
Finding
The documentation claims IMAP/SMTP integration, but the described setup only exposes SMTP use. This mismatch is a security concern because overstated or inaccurate behavior prevents users from making informed trust decisions and can conceal the actual data flows or future expansion of mailbox access.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are generic terms like 'workday music' and 'greeting email', which can be matched during unrelated user requests. In a skill that can send email and control home music scenes, accidental invocation can cause unintended outbound messages or device actions without clear user intent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal