Back to skill

Security audit

ProtonMail

Security checks across malware telemetry and agentic risk

Overview

This ProtonMail skill appears purpose-built for reading mail through a local bridge, but its setup exposes sensitive mailbox access and credentials in ways users should review carefully.

Install only for a ProtonMail account you are comfortable allowing the agent to access. Prefer trusted and pinned bridge software, bind bridge ports to 127.0.0.1 only, protect any credential file with restrictive permissions such as 600, avoid committing or sharing config files, and understand that list/search/read operations may reveal private email contents to the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes capabilities to read configuration files, consume environment variables, and connect over IMAP/network, but it does not declare corresponding permissions. Undeclared sensitive capabilities reduce transparency and can cause an agent or user to grant broader trust than warranted, especially for a mail-access skill handling private communications and credentials.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs users to place the ProtonMail bridge password in a plaintext config file and provides no warning about secret handling, file permissions, or safer storage options. Because this skill accesses an email account, exposure of the bridge password can enable unauthorized mailbox access, message retrieval, and privacy compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.