Back to skill

Security audit

Email Chronicle Analyst

Security checks across malware telemetry and agentic risk

Overview

This email-analysis skill is coherent and disclosed, but users should treat the temporary cleaned email file as sensitive.

Install only if you are comfortable with local preprocessing of sensitive email files. Avoid feeding unrelated local paths as the .eml input, and consider deleting /tmp/eml_cleaned.txt after use or asking the publisher to switch to per-run temporary files with cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill instructs the agent to write a derived file to /tmp (/tmp/eml_cleaned.txt) but declares no permissions. Undeclared file-write behavior weakens reviewability and least-privilege controls, and can enable unexpected persistence or cross-task data exposure if temporary files are reused or left behind.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill directs execution of a local Python program on user-supplied .eml files, expanding scope from text analysis into code execution and local file processing. This is dangerous because it introduces trust in an external script and creates a path for unsafe handling of attacker-controlled files, including parser bugs, excessive resource use, or unintended access to local data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.