Back to skill

Security audit

通用 SMTP 邮件发送工具

Security checks across malware telemetry and agentic risk

Overview

This skill is a real SMTP email sender, but it stores reusable mailbox credentials persistently and can send local files outward, so it needs review before installation.

Install only if you are comfortable with an agent using a configured mailbox to send email. Prefer an app-specific authorization code instead of an account password, avoid passing passwords on the command line, confirm recipients and attachments before every send, and remove the stored SMTP_MAIL_PWD value when you no longer need the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes capabilities that access environment-like credential storage and read local files for attachments/HTML input, but it declares no corresponding permissions. This creates a mismatch between what the skill can do and what a reviewer or enforcement layer may expect, weakening transparency and increasing the chance of unintended credential handling or file access without explicit approval.

Description-Behavior Mismatch

Low
Confidence
90% confidence
Finding
Allowing the SMTP password to be supplied as a command-line argument is unsafe because process arguments are often exposed via shell history, process listings, logs, task schedulers, and monitoring tools. In an agent/automation context, this raises the chance of credential disclosure well beyond the stated interactive setup model.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The scenario list lacks clear inclusion and exclusion rules, so the skill may match a wide range of common requests about reports, reminders, or notifications. In context, this is more dangerous than a benign utility because accidental activation could expose attachment contents, use persisted credentials, or cause unintended external communication.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The scenario list lacks clear inclusion and exclusion rules, so the skill may match a wide range of common requests about reports, reminders, or notifications. In context, this is more dangerous than a benign utility because accidental activation could expose attachment contents, use persisted credentials, or cause unintended external communication.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script stores the SMTP password in the Windows user Environment registry as plaintext-like persistent data, which can be recovered by local processes running as the user, scripts, or other software that reads environment configuration. Persisting reusable email credentials this way materially increases the risk of account compromise and downstream abuse of the mailbox.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.