Back to skill

Security audit

Email Ledger

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform the email-ledger task it claims, but it should be reviewed because it handles sensitive email-derived data and uploads the generated spreadsheet without an explicit confirmation step.

Install only if you are comfortable with a workflow that reads provided email archives, extracts sender/recipient/subject/body-summary details into Excel, and uploads the result for download. For sensitive business mail, ask the agent to generate the file locally first and upload only after you approve the contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger set includes very broad phrases such as '整理一下' and '帮我登记', which can match routine conversations unrelated to email-ledger processing. That can cause unintended activation on unrelated attachments or context, increasing the chance of processing sensitive files and invoking downstream actions without clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The applicable-scenario section reinforces activation on ambiguous keywords like '报备台账', '邮件台账', and especially '整理邮件' without strong gating criteria. In this context, the skill reads and transforms potentially sensitive email content, so ambiguous matching materially raises privacy and unintended-action risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow instructs automatic upload of the generated Excel via a separate uploader skill but does not require a user-facing warning or explicit consent before transferring the output. Because the Excel aggregates extracted email metadata and possibly sensitive business details, silent upload expands data exposure beyond local processing and can violate user expectations or data-handling requirements.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.