M365 Spam Manager

Security checks across malware telemetry and agentic risk

Overview

The skill’s mailbox-management purpose is coherent, but its scripts can modify or move Microsoft 365 email without the confirmations its documentation promises.

Install only if you are comfortable granting mailbox read/write access. Run analysis first, use --dryRun true for check-spam.mjs, and verify the target --mailbox and message IDs carefully before running move scripts because they can immediately change mailbox contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 89%
Finding
The script performs mailbox write operations by default using Mail.ReadWrite and immediately patches message categories unless dryRun is manually enabled. In an agent-skill context, automatic state-changing behavior without an explicit confirmation gate can cause unintended bulk modification of a user's mailbox, especially if thresholds are misconfigured or heuristics are inaccurate.

Missing User Warnings

Medium
Confidence: 91%
Finding
This script performs a state-changing mailbox action by moving a message into a training folder and may also create that folder, but it gives no explicit warning, confirmation, or disclosure to the user before modifying mailbox contents. In an agent/skill context, silent use of Mail.ReadWrite increases the risk of unintended or opaque email manipulation, especially when a mailbox override can target another user's mailbox.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script acquires a Microsoft Graph token with the sensitive Mail.ReadWrite scope without surfacing that permission requirement to the user at runtime. In a skill environment, undisclosed broad mail modification rights are dangerous because they enable message movement and other mailbox changes with little transparency, making misuse or accidental overreach harder for users to detect.

VirusTotal

66/66 vendors flagged this skill as clean.
