Back to skill

Security audit

AgentSend Email

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed email-inbox integration, but users should understand it delegates email access and credential handling to an external AgentSend MCP package.

Install only if you are comfortable letting an external AgentSend MCP runtime operate an email inbox for the agent. Use a dedicated API key or sandbox account, confirm outbound email details before sending, only register webhook URLs you control, and delete or secure ~/.agentsend/credentials.json if you no longer want the sandbox credential retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly states that sandbox credentials are stored in ~/.agentsend/credentials.json, but it does not warn users about local credential persistence or the sensitivity of stored email access and message data. In an agent environment, undisclosed local storage of mailbox credentials can lead to unintended long-term account access, privacy exposure, or credential reuse by other processes or users on the same system.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.