Security audit

email-quote-automation

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real email-quote automation tool, but it should be reviewed carefully because it reads customer mail, stores it locally, sends non-Chinese content to external translation, and marks messages as read by default.

Review before installing. Use a dedicated least-privilege mailbox and app password, disable or replace external translation for confidential mail, restrict permissions on the storage directory, set a retention/deletion process, and test on a non-production inbox before allowing it to mark messages as read.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (10)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The README explicitly says processed emails, extracted text, translations, and quotations are stored on disk, but it does not warn users that these artifacts may contain sensitive personal, commercial, or confidential data. In an email-processing automation tool, this omission can lead to insecure deployment, over-retention, or accidental exposure of customer information because operators may not realize the privacy and data-governance implications.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The README promotes automatic translation and lists external translation engines, but does not clearly warn that email contents may be transmitted to third-party services for processing. Because inquiry emails can include customer identities, pricing, designs, addresses, or other confidential business data, users may unknowingly exfiltrate sensitive content outside their environment.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The README states that the tool marks emails as read, but it does not warn that this changes mailbox state and can interfere with auditability, triage workflows, or other automations relying on unread status. In shared or operational inboxes, silent state changes can cause missed inquiries, confusion about whether a human reviewed a message, and loss of reliable processing signals.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README promotes automatic retrieval, local archiving, translation, quote generation, and marking emails as read, but it does not clearly warn users that customer emails may contain personal data, business-sensitive information, or attachments that will be stored and possibly sent to third-party translation services. In this skill context, the risk is real because the tool is designed to process inbound customer communications at scale, so users may unknowingly create privacy, retention, and compliance exposure.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The documentation instructs users to enter mailbox credentials and configure translation engines, including API-based and third-party options, without warning about secure secret storage or external data transfer. This is dangerous because users may place passwords or authorization tokens directly in source files and may unknowingly send customer content to outside translation providers, increasing the chance of credential leakage and unauthorized disclosure.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The skill description uses broad trigger language like 'Use when需要处理...' covering email handling, translation, and quote generation without clear consent or scope boundaries. In an automation context, ambiguous invocation can cause the agent to process sensitive customer emails or perform external data transfers when the user did not explicitly request those actions.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The skill states that original emails and translated content are saved locally, but it does not warn the user that potentially sensitive customer communications will be retained on disk. This creates privacy, compliance, and data exposure risk, especially if the local system is shared, backed up insecurely, or compromised.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill indicates that non-Chinese emails are sent to translation APIs such as Baidu or Google, but it does not warn that customer email content may be transmitted to third-party services. This can leak confidential business inquiries, personal data, or regulated information outside the user's environment without informed consent.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The description says non-Chinese mail is automatically translated into Chinese, implying language transformation is mandatory rather than user-controlled. Forced translation can alter meaning, mishandle customer intent, and route sensitive content through translation workflows without explicit approval, increasing privacy and business-process risk.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The code sends arbitrary input text to the `googletrans` translation backend, which relies on an external service, without any visible consent, warning, redaction, or policy control around potentially sensitive email content. In the context of translating emails, this can expose confidential or regulated data to third parties and create privacy/compliance risk even if the behavior is functionally intended.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.