Back to skill

Security audit

Ravenclaw - Email Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill matches its email-bridge purpose, but it gives an agent direct authority to send mail, read inbox contents, persist email data, and optionally forward messages to Discord without clearly documented guardrails.

Install only if you trust the local Ravenclaw service and are comfortable granting it email account access. Use a dedicated or least-privilege mailbox, keep the API bound to localhost, restrict allowed recipient domains, protect the .env file, avoid Discord forwarding for sensitive mail, and manually review scheduled messages and stored inbox data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises capabilities to send email, read inbox contents, and manage scheduled messages, but it provides no warning about the privacy and security implications of granting an agent access to mailbox data and outbound mail functions. In an agent-skill ecosystem, this omission can lead users to enable sensitive capabilities without understanding that the skill may expose private email content or permit unauthorized outbound communication.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill exposes an inbox-check capability that can fetch emails, forward their contents to a Discord webhook, and persist inbox data, but the documentation does not clearly warn users about these privacy and data-handling consequences. This can lead users to trigger actions that disclose sensitive email content to third-party services or create unexpected local data retention without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal