Apple Mail (MacOS)

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Apple Mail automation skill with real mailbox authority, but its sensitive actions are disclosed and gated by previews and confirmations.

Install only if you want an agent to operate real Apple Mail accounts on this Mac. Keep dry-run and confirmation requirements enabled for sending, deleting, reply-all, forwarding, and bulk actions, and review the local ~/apple-mail-macos/ logs if retained mailbox context becomes too broad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The document explicitly directs the agent to use osascript for destructive and state-changing mail operations such as send, move, archive, and delete, but it does not require any confirmation, scope validation, or user warning before those actions occur. In a mail-management skill, this creates a real risk of unintended mailbox modification or message transmission, especially because the guidance emphasizes deterministic execution rather than safety interlocks.

VirusTotal

66/66 vendors flagged this skill as clean.
