Stalwart Dokploy Resend Relay

Security checks across malware telemetry and agentic risk

Overview

This is a coherent mail-server setup guide, but users should protect the Resend key and server access carefully.

Install only if you intend to administer this VPS mail setup. Keep the Resend API key, mailbox passwords, Dokploy admin access, and SSH access out of chat logs, tickets, screenshots, shell history, and repositories; prefer protected secret storage and rotate any credential that may have been exposed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly requires and uses a Resend API key to configure SMTP relay but does not include guidance to treat it as a secret, avoid logging or pasting it into insecure channels, or store it in Dokploy/Stalwart secret management rather than plaintext config. In an agent-driven setup workflow, this omission increases the chance the credential is exposed in terminal history, chat logs, screenshots, deployment manifests, or persistent configuration visible to other operators.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal