Agentmail To

Security checks across malware telemetry and agentic risk

Overview

This email-management skill is purpose-aligned, but it publishes credential material and points agents at unreviewed local scripts for sensitive mail actions.

Review before installing. Do not use the embedded AgentMail key or shared inbox; rotate it if it belongs to you. Use your own credentials, inspect any referenced local scripts before running them, and require explicit confirmation before sending mail, reading verification codes, or deleting inboxes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The skill file directly discloses a live-looking API key, which is a sensitive credential that can grant unauthorized access to the agentmail.to account and related mail operations. Because the key is embedded in documentation rather than referenced indirectly, anyone who can read the skill can potentially reuse it to read mail, send messages, or create inboxes.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The documentation exposes both a live-looking API credential and a mailbox address without any warning that these values are sensitive. This increases the chance of accidental reuse, leakage, or abuse, and the mailbox context makes the secret more dangerous because it likely enables access to communications and message-sending capability.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal