
Security audit

super-imap-smtp-email

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed IMAP/SMTP email tool with sensitive but expected mailbox and credential access.

Install only if you are comfortable giving this skill access to the configured mailbox and SMTP account. Use app-specific passwords or provider authorization codes, keep allowed read/write directories narrow, verify recipients before sending, avoid running fetch/search commands where logs are retained, and remove or rotate the saved credentials when you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill clearly documents capabilities that require sensitive access to environment variables, network connectivity, and shell execution, yet it declares no permissions. This creates a transparency and governance gap: a user or platform may not realize the skill can access stored credentials, communicate externally with mail servers, and invoke local scripts, increasing the risk of unintended data exposure or misuse.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The documentation describes high-impact actions (reading mailbox contents, downloading attachments, marking messages read/unread, and sending email) without clearly warning users about privacy, integrity, and external communication risks. In an email skill, these actions can expose sensitive personal or corporate data, alter mailbox state, and send messages to third parties if used carelessly or through prompt misuse.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The CLI prints fetched email bodies, headers, snippets, and attachment metadata directly to stdout as JSON. In agent/tooling contexts, stdout is often captured in logs, transcripts, or upstream orchestration systems, which can unintentionally expose highly sensitive mailbox contents beyond the user's immediate session.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The script collects an email password/app password and writes it directly into a plaintext .env file on disk. Although it later restricts permissions to 600, the user is not clearly warned beforehand that long-lived credentials will be persisted locally, which increases the risk of credential theft from backups, local compromise, shell mistakes, or accidental disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
