Back to skill

Security audit

docker-mailbox

Security checks across malware telemetry and agentic risk

Overview

This skill openly gives agents access to real email accounts for reading, sending, marking, and deleting mail, so it is powerful but coherent with its stated purpose.

Install only if you are comfortable giving this service access to the configured email accounts. Set strong auth.tokens before any non-local exposure, protect config.yaml as a secret, verify the Docker image/repository, and require review plus explicit confirmation before sending email or deleting messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documented workflow automates permanent message deletion across mailboxes with no explicit warning, dry-run step, confirmation gate, or requirement to review matches before expunging. In this skill's context, deletion is not hypothetical: the API performs real IMAP delete+EXPUNGE operations, so copied examples can cause immediate irreversible data loss at scale.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.