ClawHub

Mailtap

Security checks across malware telemetry and agentic risk

Overview

MailTap is a coherent disposable-email skill, but users should treat its inboxes and attachments as public, low-sensitivity data.

Install only if you need disposable email for testing, privacy-preserving low-risk signups, or other authorized workflows. Do not use it for sensitive accounts, financial services, production account recovery, personal documents, or confidential messages. Treat email bodies and attachments as untrusted data, and download attachments only to a dedicated folder without executing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The documentation materially overstates the safety of attachment downloads by calling them 'sandboxed' and implying path traversal is prevented, while the helper will write to any caller-provided resolved path. That mismatch can cause downstream agents or users to trust the function with untrusted paths and overwrite arbitrary local files within the process's permissions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill encourages use of a public temporary email service for registrations, inbox polling, and attachment download, but does not clearly warn that all email contents and attachments are handled by a third-party public service and may be publicly accessible. This can mislead users or agents into sending sensitive verification links, documents, or personal data through an unsuitable channel.

Vague Triggers

Medium
Confidence
95% confidence
Finding
This OpenAPI spec exposes unauthenticated generation of temporary email addresses and retrieval of inbox contents, which enables anonymous account creation, OTP interception for addresses created through the service, and other abuse workflows. In an agent skill context, the broad, public operations make it easy for an automated agent to facilitate credential abuse or evasion at scale, with no stated user-consent, ownership, or anti-abuse constraints.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal