Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 90% confidence
- Finding
- The skill advertises broad email access capabilities, but the documented behavior centers on extracting a WalletConnect URI from EtherMail’s login flow and using a local private key to complete wallet-based authentication. That mismatch is dangerous because it can cause an agent or user to invoke the skill for ordinary email tasks while instead initiating sensitive wallet-signing activity and browser scraping against an authentication surface.
