ClawHub

.Imap Smtp Email.Disabled.20260401 113327

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward email tool that does what it says, but it handles sensitive mailbox access and stores credentials locally.

Install only if you are comfortable giving the skill access to the configured mailbox and the ability to send email from that account. Prefer provider app passwords or authorization codes over primary passwords, keep ALLOWED_READ_DIRS and ALLOWED_WRITE_DIRS narrow, avoid disabling certificate validation, and review recipients, body files, and attachments before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill performs sensitive actions involving environment secrets, network access, and shell execution, but does not declare permissions up front. This weakens user awareness and policy enforcement, making it easier for a caller to invoke email sending, mailbox access, or setup commands without an explicit trust boundary being communicated.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The description emphasizes functionality but does not clearly warn that the skill can transmit email and attachments to external servers and alter message state such as marking mail read or unread. In an agent setting, insufficient disclosure can lead to unintended data exfiltration, privacy violations, or destructive mailbox changes because users may not realize the operation is state-changing and networked.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script collects an email password/app password and writes it directly into a local .env file, which creates a plaintext credential-at-rest risk. Although the file is later chmod'd to 600, the user is not clearly warned before entry that the secret will be persisted to disk, increasing the chance of unsafe use on shared, backed-up, or compromised systems.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The setup flow allows users to disable certificate validation via 'Accept self-signed certificates', which sets REJECT_UNAUTHORIZED=false for IMAP/SMTP TLS. This weakens transport security and can enable man-in-the-middle interception of email credentials and message contents, especially because this skill handles highly sensitive mailbox access.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal