Oathe Security Badge

Is matts8008/mailclaw-skill safe?

https://github.com/matts8008/mailclaw-skill

83/100 · SAFE

The mailclaw-skill appears to be a legitimate service for sending physical mail via a third-party API, but it poses significant data exfiltration risks by reading user-specified files and transmitting their contents to external endpoints. While the functionality is clearly disclosed, users may not fully understand the security implications of uploading potentially sensitive documents to a third-party service.

Category Scores (score out of 100 · weight in overall score)

Prompt Injection 85/100 · 30%
Data Exfiltration 60/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (5)

HIGH · Arbitrary file reading and external transmission · -30

The skill instructs the agent to read user-specified PDF files and transmit their base64-encoded contents to an external API (mailclaw.xyz). While this is disclosed functionality, it creates a significant data exfiltration vector where sensitive documents could be uploaded to a third-party service.

MEDIUM · Unrestricted file path access · -10

The skill does not restrict which file paths can be accessed, so users could specify paths to sensitive files outside the intended directory.

MEDIUM · External API interaction instructions · -15

The skill instructs the agent to make HTTP POST requests to external endpoints with user data, which extends beyond typical skill functionality.

MEDIUM · Social engineering potential · -25

The legitimate-seeming purpose of mailing documents could be exploited to trick users into uploading sensitive files under the guise of postal services.

LOW · Executable shell scripts in examples · -5

The skill repository contains executable shell scripts with curl commands, though these are not directly executed by the skill itself.