email-summarizer

Security checks across malware telemetry and agentic risk

Overview

This skill handles sensitive email data, but its mailbox access, local parsing, report creation, and optional email sending are disclosed and aligned with its stated purpose.

Install this only if you are comfortable letting it process mailbox contents or local email archives. Use app-specific email passwords, limit date ranges and max counts, keep generated JSON/HTML/XLSX reports private, review any report before sending it, and verify the recipient address before running the SMTP send step.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration

Findings (7)

Tainted flow: 'cmd' from os.environ.get (line 198, credential/environment) → subprocess.run (code execution)

Medium

Category: Data Flow
Content: # (pst_extractor_helper.js bundled in this skill). The command list is # constructed from validated local paths only — no shell=True, no user # input is ever interpolated into the command string. result = subprocess.run(cmd, capture_output=True, text=True) for line in result.stderr.splitlines(): print(f" {line}", file=sys.stderr) if result.returncode != 0:
Confidence: 88% confidence
Finding: result = subprocess.run(cmd, capture_output=True, text=True)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill advertises and documents access to environment variables, local files, network services, and subprocess execution, yet no explicit permissions are declared. That mismatch weakens platform-level review and user consent, especially for a skill that can read mailbox contents, parse local email archives, and transmit generated reports over SMTP. In this context, undeclared capabilities are more dangerous because the data handled is highly sensitive and includes both credentials and private communications.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases are broad and end with an open-ended "etc.", which makes it easier for the skill to activate on ambiguous requests. For a skill capable of reading mailbox data, local PST/MBOX/MSG files, and optionally sending reports externally, accidental invocation could expose sensitive information or initiate high-risk actions without clear user intent. The context makes this risk more significant than for a harmless utility because the activation can lead directly to privacy-impacting operations.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The description does not clearly warn users that the skill processes highly sensitive mailbox contents, may use credentials, parses local email exports, and can email generated reports to another recipient. Without an explicit warning, users may not understand that personal or corporate communications, contact relationships, and metadata could be collected and redistributed. This omission is especially dangerous here because the skill combines data extraction, profiling, report generation, and outbound delivery in one workflow.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The function writes a contact-profile workbook containing email addresses, companies, positions, subject summaries, and interaction counts to a persistent temporary file using delete=False and returns the path. Because the file is left on disk without any cleanup, permission hardening, or explicit user disclosure in this component, sensitive mailbox-derived data may remain accessible to other local users, backup systems, or later processes longer than intended.

Unpinned Dependencies

Low

Category: Supply Chain
Content: # Install with: pip install -r requirements.txt # Required for .msg file parsing (parse_file.py --msg-dir) extract-msg>=0.52.0 # Required for Excel report generation (build_report.py) openpyxl>=3.1.0
Confidence: 95% confidence
Finding: extract-msg>=0.52.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: extract-msg>=0.52.0 # Required for Excel report generation (build_report.py) openpyxl>=3.1.0
Confidence: 97% confidence
Finding: openpyxl>=3.1.0

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal