Back to skill

Security audit

Iris Pro — AI Inbox Intelligence

Security checks across malware telemetry and agentic risk

Overview

This Gmail inbox tool appears to do what it advertises, but it handles sensitive email data while making an inaccurate privacy claim and saving email-derived reports locally.

Review before installing. Use a dedicated Gmail app password, keep SCAN_COUNT low, run it only in a private working directory, and delete generated iris_pro_report Markdown and JSON files when finished. Do not rely on the current security statement as a complete privacy disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The markdown explicitly claims 'No data transmitted to any server,' but the code logs into Gmail over IMAP, sending credentials and retrieving mailbox data from Google's servers. This is a deceptive security claim that can mislead users about network exposure and trust assumptions, even though the transmission is to Gmail rather than an arbitrary third-party exfiltration endpoint.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill writes email subjects, senders, categories, and generated draft replies to local markdown and JSON files without prominently warning the user. Because inbox contents often contain sensitive personal, legal, financial, or business information, these reports create a new local data-at-rest exposure that could be read by other local users, backup systems, indexing tools, or accidental commits.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.