ProtonMail

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to read ProtonMail through a local bridge, but its setup and credential handling expose sensitive email access in ways users should review first.

Install only for a ProtonMail account you want the agent to access. Prefer official or pinned bridge software, bind bridge ports to 127.0.0.1 only, protect credential files with restrictive permissions or a secret manager, and be aware that some list/search behavior may change email read status.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs users to place ProtonMail usernames and bridge passwords into a plaintext config file or environment variables without any warning about secure storage, file permissions, or secret-management practices. Because these credentials grant access to a user's mailbox, disclosure could lead to full email compromise, including sensitive personal or financial data exposure.

Credential Access

High

Category: Privilege Escalation
Content: } # Try config file first config_file = Path.home() / ".config/protonmail-bridge/config.env" if config_file.exists(): for line in config_file.read_text().splitlines(): if '=' in line and not line.startswith('#'):
Confidence: 82% confidence
Finding: .env"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal