Sog

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent mail/calendar/files CLI, but it needs review because it includes under-documented shell execution and weakly warned credential/security modes.

Review before installing. Use only trusted accounts, prefer HTTPS/TLS with certificate validation, avoid --insecure and --no-tls except in isolated testing, avoid passing passwords directly in shell commands, and do not use the idle --exec feature unless you fully trust the command and understand that incoming mail can trigger it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

High
Confidence: 96%
Finding
The code runs a user-configured string via `sh -c` whenever new mail arrives, creating arbitrary shell execution triggered by external network events. In a mail client context, this is dangerous because any email sender who can cause message delivery can trigger local command execution, and use of a shell amplifies risk if this feature is later combined with message-derived data.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README shows passwords passed directly on the command line, which can leak secrets via shell history, process listings, terminal logs, and CI transcripts. Even if the tool later stores credentials in the system keychain, the example teaches an unsafe handling pattern that can expose account credentials.

Missing User Warnings

Medium
Confidence: 86%
Finding
The documented commands include destructive operations such as deleting mail, folders, tasks, contacts, calendar items, and remote WebDAV content, yet the skill provides no explicit warning about irreversible data loss or the need to verify targets. Combined with flags like --force and --no-input, this increases the chance of accidental or automated destructive actions against live accounts.

Missing User Warnings

Low
Confidence: 76%
Finding
The authentication section instructs users to configure network-connected accounts and provide passwords, but it lacks a clear privacy/security warning about handling sensitive credentials and connecting to third-party servers. While this is common CLI functionality, the absence of guidance can lead users to enter secrets in unsafe contexts or misunderstand what endpoints are being contacted.

Missing User Warnings

Medium
Confidence: 97%
Finding
The client always applies HTTP Basic Authentication using the configured email and password, but it does not verify that the CardDAV URL uses HTTPS before sending credentials. If a user supplies an http:// endpoint or a downgraded/non-TLS URL, credentials can be exposed to network attackers in transit, leading to account compromise and unauthorized access to contacts and potentially the broader mail/groupware account.

Missing User Warnings

Medium
Confidence: 96%
Finding
The account removal command performs a destructive action immediately and the code even notes that confirmation is still a TODO. In a CLI handling email and credential configuration, accidental invocation, scripting mistakes, or misuse of a shared terminal session can permanently remove account configuration and associated stored secrets without an opportunity to abort.

Missing User Warnings

Medium
Confidence: 94%
Finding
The command exposes --insecure to skip certificate verification and --no-tls to allow plaintext connections, but there is no explicit runtime warning, guardrail, or restricted mode. Because this tool manages email credentials, these options can enable man-in-the-middle interception or credential disclosure over untrusted networks, making the context especially sensitive.

Missing User Warnings

Medium
Confidence: 91%
Finding
The subprocess execution feature is security-sensitive and is triggered automatically by incoming mail, yet this code gives no warning or confirmation before enabling it. In this skill context, that makes the feature more dangerous because a mail client normally processes untrusted remote input, so users may not appreciate that new messages can launch local commands.

Missing User Warnings

Medium
Confidence: 89%
Finding
When StorageFile is selected, passwords are written in plaintext JSON to a local file. Although the file is created with 0600 permissions, storing reusable credentials on disk increases exposure through local compromise, backups, accidental syncing, malware, or operator misunderstanding, and there is no warning at the write path that a less secure backend is being used.

Missing User Warnings

Medium
Confidence: 83%
Finding
The code silently falls back to environment variables for password retrieval after storage lookup fails. Environment variables are commonly exposed through process listings, crash dumps, shell history, CI logs, inherited subprocess environments, and debugging tools, so implicit use of them can broaden credential exposure without the user's awareness.

Missing User Warnings

Medium
Confidence: 97%
Finding
The client permits both plaintext IMAP connections (`NoTLS` and the non-TLS fallback path) and TLS connections with certificate verification disabled (`InsecureSkipVerify`). Because the same function immediately performs `Login(cfg.Email, cfg.Password)` over that channel, credentials may be exposed to passive interception or active man-in-the-middle attacks. In a mail client context, this is especially sensitive because compromise of mailbox credentials often grants broad access to email, password resets, and other connected services.

Missing User Warnings

Medium
Confidence: 90%
Finding
This SMTP client can send credentials and message content over plaintext connections when `noTLS` is enabled or when neither `tls` nor `startTLS` is selected, and it also permits certificate verification to be disabled via `InsecureSkipVerify`. That creates a real confidentiality and integrity risk because an attacker on the network could intercept credentials, read email contents, or perform man-in-the-middle attacks without any guardrails or warnings in this code path.

Missing User Warnings

Medium
Confidence: 92%
Finding
The client accepts any URL and immediately configures HTTP Basic Auth, so if callers provide an http:// endpoint, credentials and file contents may be transmitted without transport encryption. In a CLI for remote file access, this is dangerous because it can expose account passwords and sensitive data to network attackers via interception or downgrade-prone deployment mistakes.

VirusTotal

64/64 vendors flagged this skill as clean.
