my_send_email

Security checks across malware telemetry and agentic risk

Overview

This email skill matches its stated purpose, but it embeds a reusable corporate SMTP password and can send arbitrary outbound email without clear confirmation controls.

Review carefully before installing. Rotate the exposed SMTP password, replace hardcoded credentials with a user-managed secret, and require explicit confirmation of recipient, subject, and body before any email is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
This skill provides direct email-sending capability using hardcoded corporate SMTP credentials, but no declared purpose, access controls, or policy checks justify that capability. In an agent environment, this can be abused to exfiltrate data, send unauthorized messages from a corporate account, or act as a spam/phishing relay.

Intent-Code Divergence

Low (99% confidence)
Finding
The code embeds fixed corporate SMTP credentials directly in source while the comment implies user-specific configuration, which is misleading and unsafe. Anyone with code access can recover the password and send mail as the corporate identity, enabling account misuse, impersonation, and possible broader compromise if the password is reused.

Missing User Warnings

Medium (96% confidence)
Finding
The skill documentation instructs users to send email to external recipients and pass arbitrary subject/content, but it does not warn that user-provided data will be transmitted outside the system. This can lead to unintended data exfiltration, privacy violations, or accidental emailing of sensitive information because the user is not clearly informed of the outbound communication risk.

Vague Triggers

Medium (89% confidence)
Finding
The skill description is broad enough to match many ordinary requests involving email or notifications, which increases the chance the agent will invoke it in situations where email sending was not explicitly intended or sufficiently verified. Because this skill can transmit user-provided subject and content to an arbitrary receiver via SMTP, overbroad triggering can cause unintended outbound communication, privacy leaks, or abuse if downstream safeguards are weak.

Missing User Warnings

Medium (88% confidence)
Finding
The skill sends data off-system to an arbitrary recipient without any user-facing warning, consent step, or confirmation. In an agent setting, this increases the chance of silent data exfiltration, accidental disclosure, or misuse of the mail function for unauthorized communications.

VirusTotal

64/64 vendors flagged this skill as clean.
