Back to skill

Security audit

gmail-labeler

Security checks across malware telemetry and agentic risk

Overview

This Gmail automation is purpose-aligned, but it needs Review because it can alter mailbox state, send email excerpts to an LLM tool by default, fetch a hard-coded production secret in its launcher, and persist sensitive email metadata in local logs.

Review carefully before installing. Start only in dry-run, disable llmReview.enabled unless you are comfortable sending email excerpts to the configured model tooling, replace the hard-coded Doppler production secret flow with your own scoped credential setup, and protect or reduce the local JSONL logs before enabling label-only or full mailbox changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises shell execution plus file read/write behavior via runners, logs, and local overlay access, but does not declare any permissions or safety boundaries. In a mailbox automation skill, undeclared capabilities reduce transparency and can lead users to run code that modifies local files or invokes external tools without informed consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill clearly states it will classify, label, and archive Gmail messages, but it does not prominently warn that running it changes mailbox state by removing messages from Inbox and creating/applying labels. In this context, silent state-changing behavior is risky because misclassification can hide important emails or alter records before the user understands the consequences.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The LLM review path sends email metadata and body excerpts to an external command/provider, including sender, subject, and message content, without any user consent gate, redaction step, or policy enforcement in this file. In a Gmail automation skill, that can expose sensitive personal, business, or regulated email content to third-party model infrastructure and logs, creating a real confidentiality and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.