Back to skill

Security audit

Email Helper - 邮件助手

Security checks across malware telemetry and agentic risk

Overview

This is a local email drafting and template helper with no evidence of network access, credential use, automatic sending, or hidden destructive behavior.

Install if you want a local email drafting helper. Review drafts before sending them, and avoid saving sensitive email content unless you are comfortable with it being kept in local JSON files in the skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases shown in the README are very broad, everyday requests such as writing leave, business, or thank-you emails. In an agent or skill-routing system, such generic examples can cause the skill to be invoked unintentionally for common user messages, increasing the chance of overbroad activation and misrouting rather than a narrowly scoped, explicit tool invocation.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad everyday expressions such as writing or replying to email, which increases the chance of unintended activation in unrelated conversations. In an agent setting, over-triggering can cause the skill to engage without clear user intent, potentially leading to inappropriate handling of user content or unexpected file operations tied to the skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill declares file read/write permission for template storage but does not clearly tell the user when data will be written, what content is persisted, or where it is stored. This creates a transparency and privacy risk because user-provided email content or templates could be saved locally without informed consent, especially if the skill is triggered accidentally.

Ssd 3

Medium
Confidence
92% confidence
Finding
The code persistently stores full email objects in sent_emails.json without any minimization, encryption, access control, retention limit, or consent flow. Because these email objects can contain sensitive personal, business, financial, or contact information, a local file disclosure, backup leak, or unintended sharing of the working directory could expose user data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.