weavmail

Security checks across malware telemetry and agentic risk

Overview

This email skill appears purpose-built for its task, but it warrants review: it can sync private mailboxes, store message contents locally, and send or move real mail under a broad default scope.

Install only if you trust the external weavmail CLI and intend to grant it mailbox access. Prefer app-specific, revocable credentials; scope syncs with `--account` and `--limit` where possible; review every send, reply, archive, trash, or move action before it runs; and protect or delete the local `mails/` cache when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium severity, 93% confidence
Finding
The skill is described broadly enough that an agent may invoke it for many routine email-related tasks without an explicit confirmation boundary, even though it can send mail, move messages, and sync mailbox contents locally. In an agent setting, this increases the chance of unintended outbound communication or unnecessary access to sensitive email data when a task only loosely relates to email.

Missing User Warnings

Medium severity, 95% confidence
Finding
The skill instructs the agent to sync emails locally and read stored Markdown files, but it does not prominently warn that this copies potentially sensitive message contents and metadata into the workspace. It also provides sending and reply capabilities without requiring an explicit user warning or confirmation, which can lead to privacy exposure, data retention issues, or unintended external communication.
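One way to put the confirmation boundary and sync scoping that the Overview and both findings call for in front of the CLI, as an added POSIX shell wrapper that is not part of weavmail or of this report. The subcommand names (sync, send, reply, archive, trash, move) and the WEAVMAIL_BIN, WEAVMAIL_CONFIRM and MAIL_CACHE variables are assumptions made for illustration; only the `--account` and `--limit` flags and the `mails/` cache directory come from the page's own guidance:

```shell
#!/bin/sh
# Guarded front end for the external weavmail CLI (added example; not part
# of weavmail or of the scan report). ASSUMPTIONS: the subcommand names
# sync, send, reply, archive, trash and move, and the WEAVMAIL_BIN,
# WEAVMAIL_CONFIRM and MAIL_CACHE variables are invented for illustration.
# Only --account, --limit and the mails/ cache come from the page.

WEAVMAIL_BIN="${WEAVMAIL_BIN:-weavmail}"   # real binary to call
MAIL_CACHE="${MAIL_CACHE:-mails}"          # local Markdown mailbox cache

# Actions that send real mail or change the remote mailbox.
is_mutating() {
    case "$1" in
        send|reply|archive|trash|move) return 0 ;;
        *) return 1 ;;
    esac
}

# A sync is accepted only if it names one account and caps the message count.
sync_is_scoped() {
    have_account=0
    have_limit=0
    for arg in "$@"; do
        case "$arg" in
            --account|--account=*) have_account=1 ;;
            --limit|--limit=*)     have_limit=1 ;;
        esac
    done
    [ "$have_account" -eq 1 ] && [ "$have_limit" -eq 1 ]
}

# Explicit human confirmation before any outbound or destructive action.
# WEAVMAIL_CONFIRM=yes is a deliberate, non-interactive opt-in for scripts.
confirm() {
    [ "${WEAVMAIL_CONFIRM:-}" = "yes" ] && return 0
    printf 'About to run: %s\nProceed? [y/N] ' "$*" >&2
    read -r answer
    [ "$answer" = "y" ] || [ "$answer" = "Y" ]
}

# Policy check: returns 0 if the command may run, 1 if it must be blocked.
check_command() {
    [ "$#" -gt 0 ] || { echo "usage: check_command <subcommand> [args]" >&2; return 1; }
    sub="$1"
    shift
    if [ "$sub" = "sync" ] && ! sync_is_scoped "$@"; then
        echo "refusing unscoped sync: add --account and --limit" >&2
        return 1
    fi
    if is_mutating "$sub" && ! confirm "$WEAVMAIL_BIN" "$sub" "$@"; then
        echo "cancelled by user" >&2
        return 1
    fi
    return 0
}

# Run the real CLI only after the policy check passes.
run_guarded() {
    check_command "$@" && "$WEAVMAIL_BIN" "$@"
}

# Restrict the cache to its owner while the task is in progress ...
protect_cache() {
    [ -d "$MAIL_CACHE" ] || return 1
    chmod 700 -- "$MAIL_CACHE"
}

# ... and remove it when the task is finished. Returns 0 once it is gone.
cleanup_cache() {
    if [ -d "$MAIL_CACHE" ]; then
        rm -rf -- "$MAIL_CACHE"
    fi
    [ ! -e "$MAIL_CACHE" ]
}
```

Have the agent call `run_guarded` in place of the raw binary: an unscoped sync is refused outright, and every send, reply, archive, trash or move stops at a prompt unless WEAVMAIL_CONFIRM=yes was set on purpose. Call `cleanup_cache` at the end of the task so the Markdown copies of the mailbox do not linger in the workspace.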

VirusTotal

66/66 vendors flagged this skill as clean.
