Skill Mail Sender

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward email-sending skill, but it deserves care: it sends real messages with your SMTP credentials, so anything an agent hands it leaves your system.

Install it only if you want an agent or script to send email on your behalf. Use a dedicated mailbox or an app-specific password rather than your primary account credentials, keep the config file readable only by your own user, review recipients, subject and body before important or bulk sends, and pin dependencies to exact versions (dropping any you do not need) before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description and trigger conditions are very broad, covering nearly any email-, notification-, report-, or reminder-related request. In an agent setting, this increases the chance of over-triggering external actions and sending data off-system without sufficiently specific user intent or confirmation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README promotes HTML/Markdown email, multi-recipient delivery, reports, notifications, and scheduled sending, but does not clearly warn that this transmits potentially sensitive content to external recipients. In an agent context, lack of explicit privacy and consent guidance can lead to unintended disclosure, especially for bulk or automated messages.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation criteria are very broad and could trigger on many ordinary requests involving notifications, reports, reminders, or email-related tasks. In an autonomous agent, over-broad triggering increases the chance the skill is invoked without sufficiently explicit user intent, leading to unintended external transmission of content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation supports sending mail to default recipients and external addresses without a prominent warning that user-provided content will leave the system boundary. This is risky because sensitive reports, reminders, or generated content could be sent externally by default, especially if recipients are pulled from configuration rather than explicitly supplied at send time.
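One concrete shape for the precautions the Overview recommends and for the default-recipient and consent gaps the findings above describe. This is an added example, not code from the skill or its author: it assumes a config.json with the keys named in the docstring, a recipient-domain allow-list and a bulk threshold of five, none of which appear on the page, and the sample config, addresses and secret are constructed.

```python
"""Guard rails in front of an SMTP send (added example; not the skill's own code).

Assumed, not taken from the page: the config.json the README has the user create
holds "smtp_host", "smtp_user", "smtp_password" and optionally "default_recipients"
and "allowed_recipient_domains". The policy below is what I would impose before an
agent may call smtplib with those credentials.
"""
import json
import os
import stat
import tempfile
from email.utils import parseaddr

BULK_THRESHOLD = 5  # assumed policy: more recipients than this counts as a bulk send


class SendRefused(Exception):
    """Raised whenever a send would violate the policy below."""


def check_config_permissions(path: str) -> None:
    """Refuse a credential file that group or other can read or write (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise SendRefused(f"{path} has mode {oct(mode)}; expected 0o600")


def load_config(path: str) -> dict:
    check_config_permissions(path)
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    missing = [k for k in ("smtp_host", "smtp_user", "smtp_password") if k not in cfg]
    if missing:
        raise SendRefused(f"config is missing {missing}")
    return cfg


def prepare_send(cfg: dict, recipients, subject: str, body: str, *, confirmed: bool = False) -> dict:
    """Validate one send request; return the message plan only if every check passes."""
    # Recipients must be given at call time; default_recipients in the config is
    # deliberately never consulted, so nothing leaves the system by default.
    if not recipients:
        raise SendRefused("no explicit recipients; not falling back to config default_recipients")
    allowed = {d.lower() for d in cfg.get("allowed_recipient_domains", [])}
    clean = []
    for item in recipients:
        _, addr = parseaddr(item)  # accepts "Name <a@b>" as well as "a@b"
        if addr.count("@") != 1:
            raise SendRefused(f"unparseable recipient {item!r}")
        domain = addr.rsplit("@", 1)[1].lower()
        if allowed and domain not in allowed:
            raise SendRefused(f"{addr} is outside the allow-listed domains {sorted(allowed)}")
        clean.append(addr.lower())
    clean = list(dict.fromkeys(clean))  # de-duplicate, keep order
    if len(clean) > BULK_THRESHOLD and not confirmed:
        raise SendRefused(f"{len(clean)} recipients exceeds {BULK_THRESHOLD}; bulk send needs confirmed=True")
    if not subject.strip():
        raise SendRefused("empty subject")
    # Crude exfiltration guard: the configured secret must never ride along in the message.
    if cfg["smtp_password"] and cfg["smtp_password"] in subject + body:
        raise SendRefused("outgoing message contains the configured SMTP password")
    return {"recipients": clean, "subject": subject, "body": body}


def try_send(cfg: dict, recipients, subject: str, body: str, *, confirmed: bool = False) -> str:
    """Return 'ok:<recipient count>' or 'refused:<reason>' instead of raising."""
    try:
        plan = prepare_send(cfg, recipients, subject, body, confirmed=confirmed)
    except SendRefused as exc:
        return f"refused:{exc}"
    return f"ok:{len(plan['recipients'])}"


def demo() -> dict:
    """Write a constructed config with loose, then tight, permissions and exercise the guards."""
    cfg = {"smtp_host": "smtp.example.invalid", "smtp_user": "bot@example.invalid",
           "smtp_password": "placeholder-secret", "default_recipients": ["ops@example.invalid"],
           "allowed_recipient_domains": ["example.invalid"]}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(cfg, fh)
        os.chmod(path, 0o644)  # what a plain editor save usually leaves behind
        try:
            load_config(path)
            results["perm_0644"] = "accepted"
        except SendRefused:
            results["perm_0644"] = "refused"
        os.chmod(path, 0o600)
        cfg = load_config(path)
        results["perm_0600"] = "accepted"
    results["no_recipients"] = try_send(cfg, [], "Weekly report", "numbers attached")
    results["external"] = try_send(cfg, ["x@other.invalid"], "Weekly report", "numbers attached")
    results["bulk"] = try_send(cfg, [f"u{i}@example.invalid" for i in range(6)], "Notice", "hi")
    results["ok"] = try_send(cfg, ["ops@example.invalid", "Ops <ops@example.invalid>"], "Notice", "hi")
    return results
```

The point of the design is that every path an agent could take to send something external has to pass through prepare_send, which refuses rather than guesses: no recipients means no send (the config's default list is never consulted), addresses outside the allow-list are rejected, a send above the threshold needs a separate confirmation, and the credential file is refused outright if anyone but the owner can read it. Wire the returned plan into smtplib only after these checks pass.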

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Linux/macOS
mkdir -p ~/.openclaw/skills/mail-sender
nano ~/.openclaw/skills/mail-sender/config.json

# Windows (PowerShell)
New-Item -ItemType Directory -Force -Path "$env:USERPROFILE\.openclaw\skills\mail-sender"
```
Confidence
84% confidence
Finding
The install commands shown under Content (mkdir -p / nano on Linux and macOS, New-Item on Windows), which create a skill directory and credential file under the user's home that persist across sessions.

Unpinned Dependencies

Low
Category
Supply Chain
Content
```text
# requirements.txt
requests>=2.28.0
markdown>=3.4.0
```
Confidence
93% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
```text
# requirements.txt
requests>=2.28.0
markdown>=3.4.0
```
Confidence
93% confidence
Finding
markdown>=3.4.0

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests

Known Vulnerable Dependency: markdown — 2 advisories: CVE-2025-69534 (Python-Markdown has an Uncaught Exception); CVE-2025-69534 (Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like se)

High
Category
Supply Chain
Confidence
90% confidence
Finding
markdown
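The two Unpinned Dependencies findings and the two Known Vulnerable Dependency findings above point at the same remedy: pin exact versions, record hashes, and scan the pinned set. The linter below is an added example, not part of the skill or of SkillSpector: it parses a requirements.txt, reports floors and pins that lack a --hash, and answers whether a range still admits a given version, which is the question to ask once an advisory scanner (pip-audit, for example) tells you where a fix landed. The page's own two requirement lines are the constructed input; the versions and sha256 digests in PINNED_EXAMPLE are placeholders, not recommendations, and the version comparison covers dotted numeric releases only.

```python
"""Lint a requirements.txt for unpinned or unhashed specs and test what a range admits.

Added example, not the skill's own code. Assumes plain requirements.txt syntax
(name, optional extras, PEP 440 comparison operators, optional --hash options,
backslash line continuations). Pre-release and local-version tags are not modelled.
"""
import re
from dataclasses import dataclass

# From the page's requirements.txt: both specs are floors, so any newer release is accepted.
PAGE_REQUIREMENTS = "# requirements.txt\nrequests>=2.28.0\nmarkdown>=3.4.0\n"

# Pinned-and-hashed shape; versions and digests are placeholders, not recommendations.
PINNED_EXAMPLE = (
    "requests==2.32.4 \\\n    --hash=sha256:" + "0" * 64 + "\n"
    "markdown==3.8.2 \\\n    --hash=sha256:" + "1" * 64 + "\n"
)

SPEC_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*?)\s*$")
OP_RE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([0-9][0-9A-Za-z.*]*)")


@dataclass
class Requirement:
    name: str
    clauses: list  # [(operator, version), ...]
    hashed: bool
    raw: str

    @property
    def pinned(self) -> bool:
        """True only for an exact '==' (or '===') pin without a wildcard."""
        return any(op in ("==", "===") and not v.endswith("*") for op, v in self.clauses)


def parse_requirements(text: str) -> list:
    reqs, pending = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.endswith("\\"):  # continuation: glue onto the next line
            pending.append(line[:-1])
            continue
        pending.append(line)
        full = " ".join(pending).strip()
        pending = []
        if full.startswith("-"):  # -r, --index-url and friends are options, not packages
            continue
        m = SPEC_RE.match(full.split("--hash=", 1)[0].strip())
        if m:
            reqs.append(Requirement(m.group(1).lower(), OP_RE.findall(m.group(2)), "--hash=" in full, full))
    return reqs


def _key(version: str, width: int) -> tuple:
    parts = [int(p) for p in version.split(".") if p.isdigit()]
    return tuple(parts + [0] * (width - len(parts)))


def admits(clauses, version: str) -> bool:
    """Does the specifier set allow `version`? PEP 440 subset: ==, ===, !=, <, <=, >, >=, ~=, ==X.*"""
    for op, want in clauses:
        width = max(len(version.split(".")), len(want.split(".")))
        have, target = _key(version, width), _key(want, width)
        n = len(want.split(".")) - 1  # prefix length for wildcard and compatible-release forms
        if op in ("==", "==="):
            ok = have[:n] == target[:n] if want.endswith(".*") else have == target
        elif op == "!=":
            ok = have != target
        elif op == ">=":
            ok = have >= target
        elif op == ">":
            ok = have > target
        elif op == "<=":
            ok = have <= target
        elif op == "<":
            ok = have < target
        elif op == "~=":  # ~=2.28.0 means >=2.28.0 and ==2.28.*
            ok = have >= target and have[:n] == target[:n]
        else:
            ok = False
        if not ok:
            return False
    return True


def lint(text: str) -> list:
    """Return (package, issue) pairs for every spec that is not an exact pin carrying a hash."""
    issues = []
    for r in parse_requirements(text):
        if not r.pinned:
            issues.append((r.name, f"unpinned ({r.raw}): any release inside the range installs"))
        elif not r.hashed:
            issues.append((r.name, "pinned but without --hash; pip cannot verify the artifact"))
    return issues
```

Running lint(PAGE_REQUIREMENTS) flags both lines as floors, while lint(PINNED_EXAMPLE) is clean; admits() then shows why that matters: requests>=2.28.0 admits 2.28.0 and every later release, whereas an exact pin admits a single one, and a `pip install --require-hashes` against the pinned file rejects any artifact whose digest changed.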

VirusTotal

58/58 vendors flagged this skill as clean.