mailgo-coldmail-marketing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Mailgo campaign tool, but it can upload lead data and launch live cold-email campaigns with insufficient final user confirmation.

Review before installing. Use only with a Mailgo account and recipient lists you are authorized to process, prefer a limited or disposable API token if Mailgo supports it, set credentials through environment/action auth rather than chat, run dry-run or draft mode first, and require your own final review of recipients, content, sender, schedule, and timezone before activating any campaign.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (9)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: This reporting script includes functionality to read full reply email bodies via an internal hmail proxy, which materially expands its privileges from campaign analytics into mailbox-content access. That creates unnecessary exposure of sensitive message contents and increases the blast radius if the script is misused or invoked in an unexpected context.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The script automatically discovers a sender mailbox and then uses that mailbox context to fetch reply contents, reducing friction for mailbox access that should require deliberate operator intent. Auto-discovery makes sensitive content retrieval easier to trigger and weakens the separation between campaign statistics and email-reading capabilities.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The invocation text is broad enough to trigger on common requests about sending or managing email campaigns, increasing the chance the skill activates in contexts the user did not specifically intend. Because this skill can verify recipients, claim mailboxes, create campaigns, and manage lifecycle actions, over-broad triggering can lead to surprising or premature operational behavior.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: Hard-coding a timezone/locale for sending behavior without user opt-in can cause campaigns to be scheduled at unintended local times, which may harm compliance, deliverability, or business operations. In an outbound email tool, timing is operationally sensitive, so silently forcing Asia/Singapore is a meaningful safety issue rather than a cosmetic default.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The auto-inferred decision flow mandates Asia/Singapore scheduling without giving the user a choice, which can result in sends occurring outside intended business hours for the sender or recipients. Because the skill is designed to launch campaigns end-to-end, this default can directly affect real outbound activity and account reputation.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill defines a fully automated 4-step create-and-send flow that ends with immediate campaign activation, but it does not require an explicit final user confirmation immediately before launch. In a cold-emailing context, this can cause unintended mass outreach, reputational harm, policy violations, or messages being sent with incorrect content, recipients, or schedule if prior assumptions are wrong.

Natural-Language Policy Violations

Low

Confidence: 81% confidence
Finding: The skill silently applies a default schedule of Mon–Fri, 9am–6pm, Asia/Singapore without obtaining user opt-in or validating recipient geography. In outreach automation, this can lead to emails being sent at inappropriate local times, increasing compliance, deliverability, and reputational risk, though it is less severe than unauthorized sending itself.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script uploads email content and recipient lead data to external Mailgo/Leadsnavi endpoints and can activate a live cold-email campaign immediately, but it does not present an explicit privacy/transmission warning or confirmation at the point of execution. In a skill designed to handle outreach end-to-end, this increases the risk of users unintentionally sending personal data and campaign content to a third-party service or launching outbound mail without sufficient awareness.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The script sends user-supplied email addresses to a third-party remote API for verification, but provides no explicit consent, privacy notice, or data-sharing warning at the point of transmission. Because email addresses are personal data in many contexts, this can create privacy, compliance, and trust risks, especially in an outreach skill handling potentially large lead lists.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal