dingtalk mailbox

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed DingTalk mailbox helper that can read and send email, so it is sensitive but aligned with its stated purpose.

Install only if you intend to give an agent access to your DingTalk mailbox through the configured MCP URL. Treat that URL like a credential, keep it scoped to the right account, and require a preview and explicit approval of sender, recipients, subject, body, and CC before any send_email call, especially for bulk messages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill enables access to mailbox contents and outbound email sending, both of which are privacy-sensitive and can cause irreversible actions, but it does not present any explicit warning, confirmation guidance, or safety boundaries. In an agent context, this increases the risk of unauthorized data exposure, overbroad mailbox searches, or accidental email transmission because users may not understand the sensitivity of the MCP token or the consequences of sending mail.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal