fruitmail — Apple Mail Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Apple Mail search tool, but it gives an agent access to private local email content with broad trigger wording and limited privacy warning in the install guide.

Install only if you intentionally want local Apple Mail content available to this command and to any agent session that invokes it. Review the script first, grant Full Disk Access only to a trusted terminal environment, use explicit Apple Mail prompts, and avoid broad exports or body reads unless needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description includes very broad invocation cues such as 'Use when asked to find, search, read, or list emails,' which can cause the agent to select this skill for many loosely related prompts. Because the skill accesses a user's local Apple Mail database and message bodies, overbroad triggering increases the chance of unnecessary or unintended exposure of sensitive email data.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The installation instructions do not clearly warn that the tool reads local Apple Mail data, including message bodies, sender/recipient metadata, and attachment-related information. In an agent/tooling context, insufficient disclosure can lead users to install a capability that grants broad access to sensitive personal or corporate email content without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal