Back to skill

Security audit

imapflow

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instruction-only IMAP reference, but it can guide agents to access or change mailbox data, so users should handle credentials and delete/move actions carefully.

Install this only if you want agent help writing Node.js IMAP code. Use app-specific passwords or scoped OAuth tokens, do not hard-code or log credentials, fetch the smallest needed message range and fields, and require explicit confirmation before generated code moves, deletes, expunges, flags, appends, or changes mailboxes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger scene is broad enough to activate on many generic email-related requests, including ones that may not clearly indicate the user intends mailbox access or modification. In an agent setting, that ambiguity can cause over-invocation of a skill capable of reading, moving, or deleting email, increasing the chance of unintended access to sensitive data or destructive actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents capabilities to fetch message bodies, search mailbox contents, download attachments, move messages, and delete mail without any safety notice about sensitive mailbox data or destructive operations. In practice, this can normalize unsafe agent behavior, leading to privacy exposure, retention violations, or irreversible mailbox changes if the skill is invoked without explicit confirmation and least-privilege handling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly encourages enabling a logger or emitting log events for IMAP activity, but it does not warn that IMAP logs can include sensitive operational data such as usernames, mailbox names, message metadata, server responses, and possibly message content depending on logging configuration. In an email integration context, this omission can lead developers to send sensitive data to console output or centralized log systems without redaction, increasing the risk of credential, privacy, or mailbox data exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.