Breached Email Check

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it checks email addresses for breach exposure through ToolWeb, but users should treat submitted emails and results as sensitive.

Install only if you trust ToolWeb with the email addresses you submit and with the resulting breach intelligence. Use it only for your own addresses or emails you are authorized to check, protect results as sensitive security data, and use a scoped, revocable API key where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill asks users to submit an email address for breach checking but does not clearly warn that the address will be transmitted to a third-party external service. Email addresses are personal data, and breach-check results can reveal sensitive security exposure, so missing disclosure can lead to privacy violations, unauthorized sharing, or non-compliant handling of user data.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The use cases explicitly promote checking employee and workforce email exposure, but the skill provides no warning about consent, authorization, or safe handling of potentially sensitive breach intelligence. In this context, the omission is more dangerous because it encourages bulk or organizational surveillance-style use that could expose personal data, create workplace privacy issues, or lead to misuse of breach status information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal