Back to skill

Security audit

Offer-Rain

Security checks across malware telemetry and agentic risk

Overview

This resume-email skill is mostly coherent, but it stores and duplicates email credentials in local JSON files without adequate disclosure or protection.

Review before installing. Use only if you are comfortable with local plaintext files containing your email authorization code, resume path, recipient addresses, and message contents. Prefer changing the skill to prompt for the authorization code at send time or use a secure secret store, and clean up generated log/config files after sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs persistent storage of profile attributes such as school, major, graduation year/month, and grade for future reuse, which are not strictly required to send an email. This creates unnecessary retention of personal data and increases privacy exposure if local files are accessed by other users, malware, or backup/sync systems.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly tells the agent to collect and write the user's email password/authorization code into `user.json` without warning about credential sensitivity, plaintext storage risk, or safer alternatives. Because this credential can be reused to send mail as the user, compromise of the local file could lead to account abuse, impersonation, and broader account takeover depending on provider settings.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs creation of per-recipient config/log files containing recipient address, message body, attachment path, and inherited sender credentials, but does not warn the user that sensitive data will be written locally. This increases the attack surface by scattering secrets and personal content across multiple files that may be exposed through local access, syncing, backups, or accidental sharing.

Ssd 3

High
Confidence
99% confidence
Finding
The skill instructs persistent collection and storage of the user's email credentials and resume file path in a local JSON file. In this skill context, that is especially dangerous because the stored credential enables outbound email impersonation and the resume path reveals sensitive personal document locations, making theft or misuse more damaging than in a generic config scenario.

Ssd 3

High
Confidence
99% confidence
Finding
The skill tells the agent to duplicate the user's password and other personal data into every per-recipient config file under the log directory. This materially amplifies the blast radius of a compromise: one mailbox credential is replicated across multiple files alongside recipient and message metadata, making credential theft, account abuse, and privacy leakage far more likely and harder to remediate.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.