Security audit

Email Daily Summary Zc

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks for broad access to logged-in mailboxes and supports recurring background runs without enough privacy controls.

Install only if you are comfortable letting browser automation access a logged-in mailbox. Avoid entering passwords through the examples, avoid AI extraction unless you understand where email content is sent and retained, delete screenshots/logs you do not need, and enable cron or launchd only if you intentionally want recurring background mailbox access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
77% confidence
Finding
The skill encourages use of API keys/environment variables for AI-based email extraction over highly sensitive mailbox content, but it does not clearly justify the data flow, define minimization boundaries, or warn that email contents may be transmitted to a third-party service. In an email-summary skill, this creates a real confidentiality risk because sensitive message data could be exposed beyond the local mailbox session.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description is broad enough to trigger on general requests to check emails or important messages, not just narrowly scoped daily-summary tasks. Because the skill can log into email accounts and inspect mailbox contents, over-broad invocation increases the chance of unnecessary access to sensitive communications.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill handles highly sensitive email content and explicitly saves screenshots and logs locally, yet the top-level description does not prominently warn users about these privacy and retention behaviors. In this context, missing disclosure is dangerous because users may unknowingly permit collection, local storage, and possible downstream sharing of confidential mailbox data.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Edit the crontab
crontab -e

# Add a task that runs daily at 9:00 AM
0 9 * * * /path/to/email_daily_summary.sh >> /path/to/logs/email_summary.log 2>&1
```
Confidence
88% confidence
Finding
crontab -e

Session Persistence

Medium
Category
Rogue Agent
Content
### macOS (launchd)

Create `~/Library/LaunchAgents/com.email.dailysummary.plist`:

```xml
<?xml version="1.0" encoding="UTF-8"?>
```
Confidence
86% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
```
Confidence
83% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
```
Confidence
83% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.email.dailysummary</string>
```
Confidence
82% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
```xml
    <key>StandardErrorPath</key>
    <string>/tmp/email_summary_error.log</string>
</dict>
</plist>
```

Load the task:
Confidence
90% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
Load the task:
```bash
launchctl load ~/Library/LaunchAgents/com.email.dailysummary.plist
```

## Output example
Confidence
87% confidence
Finding
launchctl load

Session Persistence

Medium
Category
Rogue Agent
Content
Load the task:
```bash
launchctl load ~/Library/LaunchAgents/com.email.dailysummary.plist
```

## Output example
Confidence
87% confidence
Finding
plist

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.