Nadmail

Security checks across malware telemetry and agentic risk

Overview

NadMail is purpose-aligned but needs review because it handles crypto wallet secrets and payment-linked email actions with weak password-entry handling.

Install only if you trust NadMail with wallet-based authentication and email activity. Use a dedicated low-value wallet, avoid entering wallet passwords in recorded or shared terminals, protect ~/.nadmail/token.json and private-key.enc, and review emo-buy costs and daily caps before allowing an agent to send mail autonomously.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill documentation describes use of environment variables for private keys and repeated network access to NadMail APIs, but the skill metadata does not declare corresponding permissions. This creates a transparency and consent problem: an agent or platform may execute actions involving secrets and outbound requests without users having an explicit permission boundary or review point.

Missing User Warnings

Medium
Confidence: 98%
Finding
The encryption password is collected through readline with terminal echo enabled, so anyone observing the screen, terminal recording, shell sharing session, or some logging setups can capture the password in plaintext. Because that password protects the encrypted private key, exposure can directly enable wallet compromise if the encrypted key file is later accessed.

VirusTotal

VirusTotal findings are pending for this skill version.
