Sensitive-looking file read is paired with a network send.
Warn
- Code
- suspicious.potential_exfiltration
- Location
- src/channel.ts:58
- Evidence
const content = readFileSync(sessionFile, "utf-8");
Security audit
Security checks across malware telemetry and agentic risk
The plugin is a real Apple Mail integration, but it can automatically read email, send replies, and attach local files without clear per-message user approval.
Install only if you are comfortable giving this plugin active control over a configured Apple Mail account. Use a dedicated mailbox, keep allowFrom and allowOutboundTo narrow, avoid wildcard senders, disable archiving unless needed, review logs for email-content exposure, and do not use it for sensitive mail until it has explicit send confirmation and safer attachment handling.
64/64 vendors flagged this plugin as clean.
Detected: suspicious.potential_exfiltration
const content = readFileSync(sessionFile, "utf-8");