Security audit

Email Sender Pro

Security checks across malware telemetry and agentic risk

Overview

This SMTP email skill mostly does what it says, but its fallback configuration can mishandle email credentials and connect to an unintended mail provider unless settings are fully specified.

Review before installing. Use `--dry-run` first and confirm the resolved provider, host, username, sender, recipient, subject, and body before any real send. For any non-126 provider, explicitly set `SMTP_HOST`, `SMTP_PORT`, `SMTP_USE_SSL`, and `SMTP_USERNAME` instead of relying on the minimal `.env`; prefer provider-issued SMTP/app passwords over primary mailbox passwords and avoid sending sensitive content unless disclosure to the SMTP provider and recipient is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill explicitly instructs the agent to read a root-level `.env` file and fall back to embedded SMTP configuration, which means it uses environment/file access despite not declaring those capabilities. Undeclared secret-reading behavior is dangerous because users and orchestrators may not realize the skill can access credentials or local files, weakening permission boundaries and auditability.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
This skill is designed to send real email through third-party SMTP providers, which necessarily transmits recipient addresses, subject lines, and message bodies off the local system. Without a clear warning in the description, users may unknowingly disclose sensitive personal or business data to external providers and trigger unintended privacy or compliance issues.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.