ClawHub

Sky - Email for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only email integration skill whose network, credential, webhook, and optional polling behavior are disclosed and match its stated purpose.

Install only if you trust Sky with the email content and metadata handled by this agent. Use a dedicated account and API key, do not print or log real keys, verify webhook signatures, require approval for important outbound messages, and keep any cron-based message processor constrained so inbound email cannot directly steer the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly documents sending email to external recipients and automated polling/processing of inbound messages, but it does not prominently warn that message contents, metadata, and potentially sensitive user data will be transmitted to a third-party service and possibly onward to arbitrary recipients. In an agent setting, this can normalize autonomous external communications and ingestion of untrusted content without clear consent, privacy boundaries, or operator review.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The example setup extracts the returned API key and prints it directly with `echo "API Key: $SKY_API_KEY"`, which can expose credentials in shell history, CI logs, terminal recordings, shared consoles, or observability systems. Because the key authorizes sending and reading messages for the agent account, exposure can lead to account takeover and misuse of messaging capabilities.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal