Back to skill

Security audit

IMAP Email Reader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate IMAP email tool, but it needs review because it handles private mailbox contents and credentials with weak safeguards.

Install only if you are comfortable giving an agent access to your mailbox. Use a dedicated app or Bridge-generated password, manually ensure .env is gitignored and chmod 600, keep certificate validation enabled except for trusted local ProtonMail Bridge use, avoid less-secure Gmail access, and replace or remove the cron iMessage example unless you explicitly want email summaries sent to that destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation describes use of environment-stored IMAP credentials, but the skill metadata does not declare permissions or clearly surface that sensitive secrets are required. This creates a transparency and review gap: users or orchestrators may invoke a capability that accesses credential material without an explicit permission boundary or consent model.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow and cron examples automate retrieval, summarization, and delivery of email content to external channels such as iMessage without an explicit privacy warning or minimization guidance. Because email often contains sensitive personal or business data, automated forwarding can leak confidential content to unintended recipients, logs, or less secure endpoints.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill documents commands that modify message state, such as marking mail as read or unread, without clearly warning that these actions alter user data and can affect downstream workflows. Even though the change is limited, it can interfere with unread tracking, auditing, and user expectations if performed automatically or accidentally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script stores IMAP credentials, including the password, in a plaintext .env file without warning the user, permission hardening, or cleanup guidance. If the working directory is shared, backed up, committed to version control, or readable by other local users or processes, those credentials can be exposed and used to access the mailbox.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The documentation explicitly suggests enabling Gmail 'less secure apps' when not using 2FA, which encourages users to weaken account protections. That advice can lead to credential compromise or unauthorized mailbox access, especially for a skill that handles email credentials directly.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"search": "node scripts/imap.js search"
  },
  "dependencies": {
    "imap-simple": "^5.1.0",
    "mailparser": "^3.7.1",
    "dotenv": "^16.4.7"
  },
Confidence
97% confidence
Finding
"imap-simple": "^5.1.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {
    "imap-simple": "^5.1.0",
    "mailparser": "^3.7.1",
    "dotenv": "^16.4.7"
  },
  "keywords": ["imap", "email", "protonmail", "clawdbot", "skill"],
Confidence
97% confidence
Finding
"mailparser": "^3.7.1"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "imap-simple": "^5.1.0",
    "mailparser": "^3.7.1",
    "dotenv": "^16.4.7"
  },
  "keywords": ["imap", "email", "protonmail", "clawdbot", "skill"],
  "author": "Mike Varrieur",
Confidence
96% confidence
Finding
"dotenv": "^16.4.7"

Known Vulnerable Dependency: mailparser==3.7.1 — 1 advisory(ies): CVE-2026-3455 (mailparser vulnerable to Cross-site Scripting)

Low
Category
Supply Chain
Confidence
93% confidence
Finding
mailparser==3.7.1

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.