read-no-evil-mcp

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for email access, but it gives an agent power to send, move, and delete email without enough clearly documented confirmation or safety boundaries.

Review this before installing. Use it only with an email account and folders you are comfortable exposing to an agent, prefer read-only or restricted credentials if available, and require explicit user approval before sending, moving, or deleting messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 84%
Finding
The README advertises that the skill can send, move, and delete emails, but it does not prominently warn users that these are destructive or externally impactful actions that an AI agent may perform if granted permission. In an email-management skill, insufficient disclosure can lead to unsafe deployment choices, accidental message deletion, or unintended outbound email actions, especially because users may over-trust the product's security claims about prompt injection protection.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documented commands include destructive operations such as deleting and moving email, but the skill does not require explicit confirmation or a warning flow for those actions. In an agent setting, that can lead to accidental data loss or mailbox tampering if commands are executed on ambiguous or maliciously induced instructions.

VirusTotal

66/66 vendors flagged this skill as clean.
