
Security audit

Email MCP Helper

Security checks across malware telemetry and agentic risk

Overview

This is a transparent email-tool reference, but it gives an agent broad multi-account email access and mutation power without enough built-in consent and safety boundaries.

Install only if you control and trust the MCP server and proxy, understand which accounts are configured, and can protect the API key and email credentials. Add separate agent rules requiring explicit user approval before sending, forwarding, replying, scheduling, deleting, moving, labeling, downloading attachments, or running bulk email operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
This skill exposes broad read, search, send, delete, move, and attachment-download capabilities over potentially multiple email accounts, but it does not present clear user-facing privacy boundaries, consent expectations, retention limits, or warnings about the sensitivity of mailbox contents. In context, the skill is especially risky because it is a tool-reference skill that normalizes powerful email operations while delegating safe usage to another unspecified skill, increasing the chance that an agent or user enables invasive access without understanding the data-handling implications.

VirusTotal

61/61 vendors flagged this skill as clean.
