Back to skill

Security audit

Microsoft 365 Integration

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Microsoft 365 integration, but it needs review because it can read and change sensitive account data through an unpinned external npm server.

Install only if you trust the Softeria MCP package and are comfortable granting Microsoft 365 read/write access. Prefer read-only mode or narrower Graph permissions where possible, pin or otherwise control the npm dependency, protect client secrets in a secret manager, and require explicit confirmation before sending email, creating or deleting calendar events, uploading/deleting files, modifying tasks, or posting to Teams.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README advertises capabilities like reading, sending, deleting email, manipulating calendar items, and accessing files, but it does not prominently warn users that the skill can perform destructive actions and access highly sensitive personal or organizational data. In an agent-skill context, missing safety disclosure increases the risk of users enabling broad access without understanding the consequences of prompt mistakes, overreach, or misuse.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The credential setup walks users through creating a client secret and exporting it via environment variables, but does not include clear handling guidance such as using a secret manager, avoiding logs/screenshots, rotating secrets, or limiting access to deployment environments. This omission can lead to accidental credential exposure, especially when users copy values into shell history, shared config, or repositories.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation list includes very common terms such as "email," "calendar," "microsoft," and "send email," which can cause the skill to trigger in conversations where the user did not explicitly intend to use this integration. Because the skill can perform sensitive actions against Microsoft 365 data and services, unintended invocation increases the chance of privacy-impacting reads or accidental writes such as sending mail or creating events.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The email-sending command performs a real external side effect immediately using provided arguments, with no confirmation prompt, dry-run mode, or policy gate. In an agent/skill context, this increases the risk of unintended or prompt-induced outbound communication to arbitrary recipients.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Calendar event creation also causes an immediate external state change without any confirmation or preview. In an agent-integrated environment, this can lead to accidental or manipulated scheduling actions that impact the user's organization and workflow.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
Defaulting silently to `America/Chicago` can create events at unintended times when the user's locale differs, causing integrity issues in scheduling. In productivity tooling, incorrect defaults can have real-world impact even if they are not a classic exploit primitive.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
Hard-coding `America/Chicago` for task due dates can silently shift deadlines for users in other timezones. This is primarily a data integrity and reliability problem, but in task-management workflows it can still cause missed or premature deadlines.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.