Back to skill

Security audit

腾讯企业邮箱/qqexmail

Security checks across malware telemetry and agentic risk

Overview

This Tencent enterprise email skill is mostly transparent about reading and sending mail, but its SMTP sender disables TLS certificate verification while using mailbox credentials.

Review before installing. Treat EXMAIL_AUTH_CODE like an app password, avoid using the send script until TLS certificate verification is fixed, confirm every recipient and message body before sending, and avoid printing or piping mailbox contents where terminal logs, transcripts, or redirected files may capture sensitive email.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly relies on environment variables for mailbox credentials and performs outbound network access to IMAP/SMTP servers, but the metadata shown does not declare these capabilities as permissions. Undeclared access to secrets and network resources weakens reviewability and consent, making it easier for a skill to access sensitive email data or send mail without clear permission boundaries.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger description is very broad: any user intent to send, receive, or check Tencent enterprise email may match ordinary conversation, which increases the chance of accidental invocation. In an email skill, unintended activation is security-relevant because it can expose mailbox contents or initiate message-sending workflows when the user did not clearly intend to use this capability.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The SMTP client explicitly disables TLS certificate verification with rejectUnauthorized: false, which allows a man-in-the-middle attacker to present an invalid or forged certificate and intercept or tamper with email traffic and credentials. In this skill's context, that is especially dangerous because the same connection carries the mailbox account and auth code used to send mail through a corporate email service.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.insecure_tls_verification

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/get-body.js:4

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/receive.js:4

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
scripts/send.js:20