Robotomail

Security checks across malware telemetry and agentic risk

Overview

Robotomail is a coherent email-integration skill, but it gives agents broad real-email reading, sending, and monitoring powers without clear consent or scoping requirements.

Install only if you intend to let an agent use Robotomail for real email. Use a scoped API key where possible, confirm every send and mailbox read, avoid all-mailbox webhooks unless needed, and review any persistent webhook or event-monitoring setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger words and description are broad enough to activate on many ordinary email-related user requests, which can cause the agent to engage a powerful external email capability more often than necessary. In a skill that can send, read, and stream real mailbox data, over-broad invocation increases the chance of unnecessary access to sensitive inbox contents or unintended outbound email actions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill enables handling real email, including inbox reads, outbound sending, webhooks, and SSE event streaming, but does not prominently require user confirmation or warn about external transmission and privacy implications. Because email commonly contains sensitive personal, business, and authentication data, an agent using this skill without explicit consent and disclosure could expose or process highly sensitive information inappropriately.

VirusTotal

65/65 vendors flagged this skill as clean.
