ClawHub

Email Reader

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-related but needs review because it can process unread mailbox contents and control recurring email checks through an unspecified local backend.

Install only if you trust the local OfferPilot/email backend at 127.0.0.1:8010. Before enabling unread fetches, heartbeat, or cron, confirm which mailbox it reads, what email content it stores, who can access it, how to delete history, and how to reliably stop recurring checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill exposes scheduler and notification-management endpoints, but the manifest-level description only says it classifies hiring emails and syncs job status. This mismatch can mislead users and higher-level orchestration into granting or invoking broader automation capabilities than expected, reducing informed consent and review visibility.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
A skill framed as an email-classification helper also includes control over recurring heartbeat jobs and notification actions. That broadens it from passive analysis into active automation control, which increases the blast radius if invoked accidentally, by prompt confusion, or through delegated agent workflows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill can fetch unread inbox contents and transmit sender, subject, and body to a backend service, but it provides no clear privacy notice, data-minimization guidance, or consent boundary. Because emails often contain sensitive personal and employment information, this creates a meaningful risk of over-collection and opaque handling of private data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal