139mail

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This email skill mostly matches its purpose, but it disables IMAP TLS certificate verification while handling mailbox credentials and makes a local credential-file safety claim that is not backed by the provided artifacts.

Only install this if you are comfortable granting the agent access to read and send email from the configured mailbox. Use an app-specific password, manually restrict the config file permissions, confirm every outgoing email and attachment, and avoid using the skill until the IMAP TLS certificate verification issue is fixed.

Static analysis

Insecure TLS verification

Warn
Finding
TLS certificate verification is disabled: the IMAP connection is opened with rejectUnauthorized: false, so any certificate (self-signed, expired, or issued for a different host) is accepted.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
High
What this means

A network attacker or a spoofed mail server could intercept the mailbox credentials or the email contents, because the client accepts any certificate the server presents.

Why it was flagged

The IMAP client disables TLS certificate verification while authenticating to the mail server and fetching mailbox data.

Skill content
tlsOptions: { rejectUnauthorized: false }
Recommendation

Do not use the skill until certificate verification is enabled by default; only allow an explicit, documented opt-out for trusted test environments.

ASI03: Identity and Privilege Abuse
Medium
What this means

Installing and configuring this skill gives the agent authority to read your mailbox and send email as you.

Why it was flagged

The skill uses the configured mailbox credentials to send email through SMTP and also uses the same credential data for IMAP mailbox access.

Skill content
auth: { user: config.email, pass: config.password }
Recommendation

Use an app-specific authorization code, limit the account’s privileges where possible, and confirm all send actions before execution.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

Users may believe their stored email authorization code is protected when the reviewed artifacts do not demonstrate that protection.

Why it was flagged

The documentation states that the config file permissions are already user-only, but the provided artifacts do not show code or an install step that creates the file or sets those permissions.

Skill content
- The config file's permissions have already been set to user-only readable (translated from the skill's Chinese documentation)
Recommendation

Document the actual storage behavior and explicitly instruct users to set restrictive permissions, or implement secure file creation and permission checks.

ASI01: Agent Goal Hijack
Low
What this means

A malicious email could contain instructions that try to mislead the agent or user into unsafe actions.

Why it was flagged

The read-email path returns external email body content to the agent, including text and HTML fields.

Skill content
text: parsed.text || '',
html: parsed.html || ''
Recommendation

Treat email contents as untrusted data: instructions found inside an email must not override the user's actual request, and any action an email suggests (replying, forwarding, sending attachments) should be confirmed with the user before it is executed.