Security audit

Automatically logs into email accounts (Gmail, Outlook, QQ Mail, etc.) and generates daily email summaries. Use when the user wants to get a summary of their emails, check important messages, or create daily email digests.

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate email-summary purpose, but it needs review because it gives automation broad access to logged-in mailboxes and encourages persistent storage, scheduling, and optional AI extraction of sensitive email data.

Install only if you are comfortable granting browser automation access to your logged-in email. Prefer a separate browser profile or limited mailbox, do not type real passwords into command examples, avoid screenshots and saved logs unless necessary, and do not enable cron/launchd scheduling or AI extraction unless you intentionally accept recurring access and possible third-party processing of email-derived data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (9)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The skill explicitly documents a manual login flow that includes typing raw email addresses and passwords into automation commands. In the context of an email-summary skill, this is dangerous because it encourages credential handling by the agent/tooling layer, increasing the risk of credential exposure in command history, logs, screenshots, or prompt/output artifacts.

Context-Inappropriate Capability

Low

Confidence: 89% confidence
Finding: The documentation references API-key-based AI summarization without clearly constraining how mailbox data is transmitted to that external service. Even though it mentions environment variables, introducing an external API path unrelated to the declared local tool scope can cause sensitive email content to be sent off-box without adequate notice or authorization.

Scope Creep

Medium

Confidence: 84% confidence
Finding: The skill instructs saving inbox screenshots to local files, which persists sensitive mailbox contents outside the active browser session. This exceeds the narrowly declared tool scope and creates residual copies of private communications that may be readable by other local users, backups, or later processes.

Scope Creep

High

Confidence: 98% confidence
Finding: The example workflow uses undeclared shell, filesystem, and process capabilities such as mkdir, sleep, shell scripts, and log redirection to build a persistent email-processing pipeline. In this context, those extra capabilities materially increase risk because they enable durable storage of mailbox-derived data and execution beyond the stated permissions model.

Scope Creep

High

Confidence: 98% confidence
Finding: The scheduling instructions configure cron/launchd persistence and ongoing log writes, turning a one-off mailbox access workflow into an unattended recurring collector. That is especially dangerous for email data because it creates long-lived automation over private communications and increases the chance of unauthorized access, data accumulation, and unnoticed failures leaking content to logs.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The invocation text is broad enough to match many ordinary email-related requests, which can cause the skill to activate in situations where the user did not intend mailbox automation or content extraction. In a high-sensitivity domain like email, over-broad triggering increases the chance of unnecessary access to private data.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The instructions direct the agent to extract senders, subjects, snippets, and screenshots from the inbox without a clear privacy warning or minimization guidance. Because email commonly contains highly sensitive personal, financial, and business information, collecting and saving this data creates significant confidentiality risk even if the skill's goal is legitimate summarization.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The AI summarization section omits a clear warning that mailbox contents may be transmitted to an external service when an API key is configured. This is particularly dangerous because users may assume local summarization, while the skill could instead export sensitive email data to a third party.

Ssd 3

High

Confidence: 99% confidence
Finding: The skill instructs the agent to collect, process, and persist highly private email artifacts including sender identities, subjects, snippets, screenshots, and generated summaries. In the context of an email skill, this is inherently sensitive data handling, and the combination of extraction plus persistence materially raises the risk of privacy breaches and unintended disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal