China Telecom Mail

Security checks across malware telemetry and agentic risk

Overview

This email skill fits its stated purpose, but it asks for sensitive mailbox credentials and enables reading, sending, forwarding, and attachment handling without enough user-facing safety guidance.

Review before installing. Use a dedicated or app-specific mailbox credential if possible, restrict permissions on any config file, avoid committing it to version control, and require explicit confirmation before the agent sends or forwards messages or attachments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 82%
Finding:
The README instructs users to store mailbox credentials locally and use a skill that retrieves potentially sensitive email content, but it does not clearly warn about the privacy and security implications of granting mailbox access. In the context of an email skill, this increases the chance that users expose sensitive communications or reuse high-value passwords without understanding the risks.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The skill documentation encourages reading, forwarding, and sending email content and attachments but does not warn about handling sensitive data, verifying recipients, or avoiding unauthorized disclosure. In an email skill, this omission materially increases the chance of privacy violations, accidental exfiltration, and misuse of confidential attachments during normal operation.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The configuration example instructs users to place the mailbox password directly into a local TOML file without any warning about plaintext secret storage. If that file is exposed through backups, local compromise, repo commits, or permissive filesystem access, attackers could obtain full mailbox access and use it for impersonation, data theft, or password-reset abuse across other services.

VirusTotal

65/65 vendors flagged this skill as clean.
