IMAP SMTP Email

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed email tool that can read and send mail, so it is sensitive but coherent with its stated purpose and shows no hidden or malicious behavior.

Install only if you are comfortable giving this skill access to your mailbox and permission to send as that account. Use app passwords or provider authorization codes, keep .env private and out of backups or git, keep allowed read/write directories narrow, leave certificate validation enabled unless you fully control the server, and review every send action, recipient, and attachment before allowing an agent to run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The `test` command does more than validate SMTP connectivity: it sends an actual email to the configured account. In an agent/tooling context, a caller may reasonably expect a non-side-effecting health check, so this can cause unintended outbound email, trigger notifications, leak that credentials are active, or be abused for unsolicited message generation.

Missing User Warnings

Medium
Confidence: 79%
Finding
The skill supports downloading attachments to the local filesystem and sending emails with arbitrary local file attachments, but the documentation does not prominently warn about privacy, data exfiltration, or unintended disclosure risks. In an agent setting, these capabilities can expose sensitive mailbox contents or local files if invoked without strong user confirmation and clear scope limits.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script interactively collects email credentials and writes them in plaintext to a local .env file. Although it applies restrictive permissions afterward, storing reusable IMAP/SMTP secrets on disk increases exposure to local compromise, accidental backup/sync leakage, and later misuse by other tools or users with access to the account.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script automatically attempts to send a real SMTP test email to the user's own address without a separate confirmation step immediately before transmission. This can cause unintended outbound mail activity, surprise the user, and in some environments trigger logging, compliance, or account-security alerts.

VirusTotal

VirusTotal findings are pending for this skill version.
