Email sending via 163 Mail SMTP

Security checks across malware telemetry and agentic risk

Overview

This email-sending skill appears purpose-aligned, but it handles SMTP credentials and logs recipient/message data in a way users should review before installing.

Review the logging settings before installing or running this skill. Use a dedicated SMTP app password, avoid placing credentials in shell profiles or shared environments, and do not send confidential emails unless logs are disabled, redacted, or stored in a private location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs users to export email address and SMTP authorization credentials as environment variables but does not warn that environment variables can be exposed through shell history, process inspection, shared session environments, CI logs, or accidental persistence in shell profiles. Because these credentials enable sending mail from the account, compromise can lead to account abuse, spam, and unauthorized access to mail-related services.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill documents a logging feature that records send time, subject, recipients, content, and results, but it does not warn that these logs may contain sensitive personal data, confidential message bodies, or operational metadata. If logs are stored in shared or improperly protected locations, they can leak recipient identities and message contents to unauthorized users.

Missing User Warnings

Medium
Confidence: 93%
Finding
The program logs email subjects, recipients, and up to 200 characters of message content to a local file by default. This can expose sensitive business or personal information to other local users, backups, or log collection systems, especially because the default path is the current directory and file permissions are world-readable (0644).

VirusTotal

VirusTotal findings are pending for this skill version.