IMAP

Security checks across malware telemetry and agentic risk

Overview

This IMAP mailbox helper handles sensitive email access, but its behavior is disclosed, read-first, and limited to the user’s configured mail server.

Install this only if you want an agent to help with your mailbox. Keep read-only behavior as the default, confirm before any mailbox-changing action, use trusted app-password or local auth flows, and review ~/imap/ if you enable durable memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 90% confidence
Finding
The setup instructs the agent to activate IMAP support for broad, common phrases like 'mailbox sync' or 'remote inbox search' early in a conversation, without requiring clear user confirmation. In an email-handling skill, overly broad activation can cause the agent to infer intent too aggressively, leading to unsolicited mailbox-related guidance, persistence decisions, or eventual mailbox access workflows the user did not explicitly request.

Missing User Warnings

Medium, 95% confidence
Finding
The skill directs creation of `~/imap/` and initialization files when memory is enabled, but it does not require explicit user notice or confirmation at the time of creation. Even though the stored data is limited to operational context, silently creating files in a user's home directory changes local state and may persist sensitive metadata such as account labels, folder mappings, or sync checkpoints beyond the current session.

VirusTotal

65/65 vendors flagged this skill as clean.
