Fastmail

Security checks across malware telemetry and agentic risk

Overview

This Fastmail skill does what it claims, but it gives an agent broad control over email and calendar actions, including sending and bulk deletion, with limited built-in safeguards.

Install only if you trust the agent environment with your Fastmail account. Use revocable app-specific credentials, avoid committing .env files, and require explicit manual approval before any send, reply-all, delete, bulk email operation, calendar change, or RSVP action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill clearly requires environment-variable access for credentials and network access to Fastmail APIs, but SKILL.md does not declare permissions. This weakens transparency and policy enforcement because an agent or reviewer cannot easily verify that the skill will access secrets and send data over the network before use.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The documented behavior says the timezone is auto-detected from the system, but the implementation also accepts an override and may use hardcoded UTC+7 logic. For calendar operations, incorrect or misleading time handling can silently create, update, or respond to events at the wrong times, causing real-world integrity issues such as missed meetings or incorrect RSVP/reminder scheduling.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The calendar code hard-codes UTC+07:00 handling in toUTC and parseICalDate, contradicting the manifest claim that the timezone is auto-detected from the system. This can silently shift event times, causing users to miss meetings, send incorrect invitations, or modify calendar data inaccurately across time zones.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The skill advertises destructive capabilities such as deleting emails and deleting calendar events without explicit warning or confirmation guidance. In an agent setting, this increases the chance of unintended irreversible or hard-to-recover data modifications, especially during bulk operations.

Natural-Language Policy Violations

Severity: High
Confidence: 97%
Finding: The date conversion logic assumes a fixed +07:00 locale rather than respecting the actual user/system timezone or explicit event timezone metadata. In a calendar skill, this is especially dangerous because it can corrupt scheduling semantics, alter reminder timing, and cause erroneous RSVPs or event updates.

Missing User Warnings

Severity: High
Confidence: 81%
Finding: Bulk deletion materially increases blast radius because a single invocation can remove many emails at once, yet this CLI provides no additional guardrails, preview, or confirmation. In an agent skill context, where actions may be composed from model output or ambiguous user intent, this makes accidental or prompt-induced mass deletion significantly more dangerous than a single-item delete.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The FastmailError.toJSON() method serializes the raw details field directly into error output. In this file, authentication and API-related errors populate details with originalError or responseBody, which can contain tokens, credentials, server responses, or other sensitive data; if surfaced to CLI logs, telemetry, or calling agents, this can leak secrets and internal context.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content (excerpt from SKILL.md):

```bash
export FASTMAIL_PASSWORD="your-app-password-here"
```

Or create a `.env` file:

```bash
echo "FASTMAIL_API_TOKEN=your-api-token-here" >> .env
```

Confidence: 93%
Finding: the flagged instructions create a `.env` file holding the credentials:

```bash
echo "FASTMAIL_API_TOKEN=your-api-token-here" >> .env
echo "FASTMAIL_USERNAME=your-email@fastmail.com" >> .env
echo "FASTMAIL_PASSWORD=your-app-password-here" >> .env
```

External Script Fetching

Severity: High
Category: Supply Chain
Content (excerpt from SKILL.md):

```markdown
### Requirements

- [Bun](https://bun.sh/) - JavaScript runtime (install with `curl -fsSL https://bun.sh/install | bash`)

## Troubleshooting
```

Confidence: 97%
Finding: `curl -fsSL https://bun.sh/install | bash`

VirusTotal

64/64 vendors flagged this skill as clean.