Security audit

Manage your tuta.com account

Security checks across malware telemetry and agentic risk

Overview

This Tuta mail skill does what it claims, but it handles full mailbox access and stores reusable decrypted mail keys locally in a way users should review carefully.

Install only if you trust this publisher with full access to your Tuta mailbox and sending mail from your account. Use a private session-file path instead of /tmp when possible, delete the session file after use, protect openclaw.json, and manually confirm recipients, subject, and body before any send action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The client serializes and saves the access token plus decrypted passphrase, user-group, and mail-group keys to a local JSON file. Those values are sufficient to reuse the authenticated session and decrypt mailbox contents, so compromise of that file effectively compromises the user's email confidentiality and account session far beyond the immediate command.

Vague Triggers

High

Confidence: 94% confidence
Finding: The trigger phrases are extremely broad, including generic terms like 'email', 'mail', and 'read email', which can cause the skill to activate in many unrelated contexts. Because this skill can access inbox contents and send mail through stored credentials, accidental invocation could expose private messages or trigger unauthorized email actions without the user intending to use Tuta specifically.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The documentation instructs users to store account credentials in configuration and to save a session file containing an access token and decrypted keys under /tmp, but it does not warn that these artifacts are highly sensitive. On multi-user systems or systems with weak temporary-file hygiene, this can enable credential theft, session hijacking, and full mailbox compromise, especially since decrypted key material is explicitly persisted.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The login flow writes highly sensitive authentication and decrypted cryptographic material to disk with no user-facing warning. In the context of an email skill handling end-to-end encrypted mail, this undermines the security model because any local process, backup system, or accidental file exposure can grant ongoing access to private messages.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal