Email Marketing

Security checks across malware telemetry and agentic risk

Overview

This email marketing skill is not clearly malicious, but it handles subscriber data and campaign sending workflows with weak safeguards and overstated capabilities.

Review before installing. Use only consented subscriber data, prefer dry runs, and avoid real mailing lists unless you add recipient previews, explicit confirmation, privacy-safe logging, unsubscribe handling, retention/deletion rules, and path validation for list, template, and campaign names.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding:
The skill documentation indicates local file read/write behavior for campaign and subscriber data, but no permissions are declared. In an agent setting, undeclared data access reduces transparency and can lead to unsafe handling of subscriber PII or unintended modification of local data stores.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The skill's declared purpose understates important behaviors such as modifying subscriber lists, persisting local customer data, and performing real email sending via SMTP-like infrastructure. This mismatch can cause operators or downstream agents to invoke the skill without understanding that it processes personal data and can trigger irreversible external actions like bulk email sends.

Vague Triggers

Severity: Medium
Confidence: 73%
Finding:
The broad activation wording ('Use when creating email sequences, drip campaigns, promotional emails, or customer retention workflows') increases the chance that an agent selects this skill for generic email-related requests without recognizing its ability to manipulate subscriber data or send live campaigns. Over-broad routing language can therefore widen exposure to accidental misuse and unintended outbound communications.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The documentation provides ready-to-run commands for sending campaigns and adding subscribers but does not prominently warn about PII handling, consent requirements, or the risk of live sends. In practice, this can lead to accidental emailing, unauthorized subscriber additions, or non-compliant processing of customer data.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The script logs full subscriber email addresses during add and send operations, which exposes personally identifiable information in console output and any downstream log collection systems. If logs are retained, shared, or centrally aggregated, this can leak mailing-list membership and recipient data beyond the intended operational scope.

VirusTotal

64/64 vendors flagged this skill as clean.
