GoToEmail — Mailbox Binding

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This email skill appears aligned with its stated purpose, but it asks for mailbox secrets and can read, send, and mark messages read without enough consent, storage, or privacy controls.

Install only if you are comfortable giving the skill access to your mailbox. Use revocable app passwords or authorization codes, avoid primary account passwords where possible, confirm each send/read action, set mark_as_read to false unless you want messages changed, and revoke the mailbox token if it is exposed or no longer needed.

SkillSpector (5 findings), by NVIDIA

Vague Triggers (Medium, 84% confidence)

Finding: The trigger phrases are broad terms like '读邮件' (read email), '发邮件' (send email), 'bind email', and 'connect mailbox', which can overlap with ordinary user requests. This increases the chance that the skill is invoked unintentionally for sensitive mailbox actions, exposing credentials or performing email operations when the user did not mean to use this specific skill.

Missing User Warnings (Medium, 95% confidence)

Finding: The skill instructs users to provide highly sensitive secrets such as email passwords, authorization codes, and app passwords, and it supports reading and sending email over the network without an explicit privacy or data-handling warning. In this context, the absence of a clear warning and consent model is dangerous because compromise or mishandling of these credentials can lead to full mailbox access, message exfiltration, and account abuse.

Missing User Warnings (Medium, 93% confidence)

Finding: This document instructs users how to obtain and use email authorization codes and app passwords, but it does not warn that these are sensitive secrets equivalent to mailbox access. In the context of an email-management skill, omission of secret-handling guidance increases the risk that users paste, log, store, or share credentials insecurely, enabling account takeover or unauthorized email access.

Missing User Warnings (Medium, 86% confidence)

Finding: The script requires users to provide mailbox credentials and then connects to a remote IMAP server to retrieve full message contents, but the file itself does not communicate any privacy or data-handling warning at the point of use. In an agent skill context, this can cause users to disclose highly sensitive account access and email contents without informed consent about the scope of access, retention, or exposure risks.

Missing User Warnings (Medium, 93% confidence)

Finding: The documented input defaults `mark_as_read` to true, and the implementation calls `conn.store(uid, "+FLAGS", "\\Seen")`, which changes mailbox state as a side effect of reading. This can alter evidence, workflow state, or user expectations without a sufficiently explicit warning or opt-in, especially in security- or compliance-sensitive inboxes.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.