Back to skill

Security audit

uspeedo-email-sending-channel

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed uSpeedo email-sending skill that uses sensitive API keys and can send real email, but its main instructions require user confirmation and safe handling before sending.

Install only if you intend to send email through uSpeedo. Use environment variables or a secure secret mechanism for ACCESSKEY_ID and ACCESSKEY_SECRET, prefer test or least-privilege keys, avoid sensitive message bodies unless necessary, and require a clear final confirmation of sender, recipients, subject, and exact content before any email is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The example code returns raw `res.json()` and, on failure, includes `detail: listJson`, which contradicts the surrounding guidance to report only user-safe outcomes and avoid exposing raw API responses. If an agent follows the example literally, upstream API error payloads or internal metadata could be surfaced to users or logs, increasing the chance of sensitive information disclosure.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documented workflow requires explicit same-turn confirmation of sender, recipients, subject, and content plus mandatory safety gates before sending, but the example implementation sends immediately once parameters are present. In agent ecosystems, examples are often copied as the operational behavior, so this mismatch can bypass user authorization checks and content validation, enabling unintended or abusive outbound email sending.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.