Back to skill

Security audit

WeCom邮箱

Security checks across malware telemetry and agentic risk

Overview

This email skill is purpose-aligned, but it needs Review because it directs agents to persistent mailbox credential files and weakly scoped email-sending authority.

Install only if you intend to let the agent use a dedicated, least-privileged work mailbox. Avoid Base64-stored real passwords, avoid personal or delegated accounts unless explicitly approved, and require confirmation of sender, recipients, subject, body, and any document content before every email is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are broad everyday terms such as '发送邮件' and '发邮件', which can cause the skill to activate in contexts where the user did not intend to use this specific mail-sending capability. Because this skill can read documents and send outbound email, accidental activation raises the risk of unintended exfiltration or privacy-impacting actions if the agent proceeds too far before explicit confirmation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description presents email sending as a convenience feature and explicitly mentions reading meeting minutes and business documents, but it does not prominently warn that this is an external transmission channel that may expose confidential or personal data. In this context, missing user-facing warnings materially increases the chance of users or agents sending sensitive internal content outside appropriate boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.