Instantly

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Instantly email-platform integration, and its sensitive email actions are expected for that purpose.

Install this only if you want an agent to operate your Instantly account through Maton. Keep the Maton API key and any SMTP/IMAP passwords secret, confirm the exact account/campaign/message before any send or mailbox-changing action, and understand that cold-email mistakes can affect deliverability and sender reputation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documents operations for creating sending accounts with SMTP/IMAP passwords and for performing outbound email actions, but it does not place prominent user-facing warnings directly adjacent to those high-risk actions. In an agent context, this increases the chance of users unknowingly exposing credentials or authorizing actions that affect mailbox state, deliverability, or reputation.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal