Back to plugin

Security audit

Apple Mail

Security checks across malware telemetry and agentic risk

Overview

The plugin is a real Apple Mail integration, but it can automatically read email, send replies, and attach local files without clear per-message user approval.

Install only if you are comfortable giving this plugin active control over a configured Apple Mail account. Use a dedicated mailbox, keep allowFrom and allowOutboundTo narrow, avoid wildcard senders, disable archiving unless needed, review logs for email-content exposure, and do not use it for sensitive mail until it has explicit send confirmation and safer attachment handling.

VirusTotal

64/64 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.potential_exfiltration

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
src/channel.ts:58
Evidence
const content = readFileSync(sessionFile, "utf-8");