Security audit

Email Chronicle Analyst

Security checks across malware telemetry and agentic risk

Overview

This email-analysis skill is coherent and disclosed, but users should treat the temporary cleaned email file as sensitive.

Install only if you are comfortable with local preprocessing of sensitive email files. Avoid feeding unrelated local paths as the .eml input, and consider deleting /tmp/eml_cleaned.txt after use or asking the publisher to switch to per-run temporary files with cleanup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 80% confidence
Finding: The skill instructs the agent to write a derived file to /tmp (/tmp/eml_cleaned.txt) but declares no permissions. Undeclared file-write behavior weakens reviewability and least-privilege controls, and can enable unexpected persistence or cross-task data exposure if temporary files are reused or left behind.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill directs execution of a local Python program on user-supplied .eml files, expanding scope from text analysis into code execution and local file processing. This is dangerous because it introduces trust in an external script and creates a path for unsafe handling of attacker-controlled files, including parser bugs, excessive resource use, or unintended access to local data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.