ClawHub

Email Excel Transfer

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear email-to-Excel purpose, but it needs review because it asks for mailbox access and spreadsheet write authority while its examples are too broad and its safety controls are not enforced.

Install only if you are comfortable giving the agent mailbox access and local spreadsheet write capability. Before use, require a specific sender, subject/date range, or explicit message selection; confirm the exact attachment and planned cell changes; use a dedicated revocable mailbox/app password where possible; and verify the agent writes only to a newly created copy, not an original workbook.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation materially misrepresents the privilege of the email credential by claiming the app password is read-only, while the code uses standard IMAP login that typically grants whatever mailbox permissions the account has. This can cause users to trust and deploy the skill with more sensitive access than advertised, increasing the risk of unauthorized email exposure or mailbox operations if the credential is reused or the workflow is extended.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The skill claims dry-run is enabled by default and that saving requires confirmation, but the actual save example performs an immediate write to the workbook with no enforced confirmation gate. In an agentic setting, this mismatch can lead to unintended spreadsheet modification despite the user's expectation that only a preview will occur first.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation phrase is broad enough to overlap with ordinary user requests, which increases the chance that the skill activates in situations the user did not intend. Because this skill accesses email attachments and writes spreadsheet data, accidental triggering can expose sensitive mailbox content or cause unreviewed file modifications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal