ClawHub

Fastmail JMAP

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Fastmail email-management skill, but it gives an agent sensitive mailbox access that users should gate carefully.

Install only if you are comfortable giving an agent access to your Fastmail account. Use the narrowest token scopes that fit your use case, revoke the token when no longer needed, and require explicit confirmation before sending, moving, trashing, or marking messages. Treat email contents as untrusted data, since messages can contain prompt-injection attempts or sensitive personal information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill requires a Fastmail API token and performs networked email operations, but the manifest does not declare corresponding permissions/capabilities. That creates a transparency and governance gap: a host or user may not realize the skill can access secrets and remotely read, send, move, or delete email, increasing the chance of over-privileged deployment and unsafe execution.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises broad mailbox read/write and send capabilities, including destructive actions like trash and move, but provides only minimal caution ('Always ask before sending') and no prominent warning about privacy exposure, irreversible changes, or sensitive-content handling. In an agent context, email is highly sensitive and operationally powerful, so insufficient warning and guardrails materially increase the risk of accidental data exposure, phishing assistance, or destructive mailbox actions.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The send command performs an irreversible outbound action immediately, with no dry-run mode, confirmation prompt, or destination validation. In an agent setting, this increases the risk of prompt-driven or accidental email sending, which can leak sensitive data or contact unintended recipients.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The move, mark, and trash commands modify mailbox state immediately without confirmation, undo guidance, or safeguards. In an autonomous agent context, this can cause loss of visibility, accidental triage changes, or destructive mailbox actions triggered by untrusted instructions or mistaken parsing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal