Morning Brief

Security checks across malware telemetry and agentic risk

Overview

The skill advertises a daily weather/news/sports briefing, but it also bundles an undocumented script that can read a Gmail inbox.

Review before installing. The scheduled morning brief is understandable, but do not provide Gmail credentials or run email_briefing.py unless you explicitly want this skill to read your Gmail inbox; the publisher should document, scope, or remove that helper before this is treated as routine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill connects to a remote Gmail inbox and reads message data without any explicit runtime disclosure, consent, or scope limitation beyond unseen messages from the last day. In an agent-skill context, silent remote mailbox access is sensitive because it can expose private communications and normalize unexpected data access.

Missing User Warnings

Medium
Confidence: 88%
Finding
The code fetches full RFC822 messages even though it only uses headers like Subject, From, and Date, unnecessarily broadening access to the complete contents of private emails. This increases exposure of sensitive inbox data and creates avoidable privacy risk if the skill is run in a shared, logged, or agent-controlled environment.

VirusTotal

65/65 vendors flagged this skill as clean.