App Access

Security checks across malware telemetry and agentic risk

Overview

This skill gives an agent Gmail read/send access through Reasonlayer, which is sensitive but clearly disclosed and aligned with its stated purpose.

Install only if you want an agent to access Gmail through Reasonlayer. Protect the Reasonlayer API key, review any re-fetched skill file before use, understand how to revoke OAuth access, and require explicit approval before reading sensitive email or sending messages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill advertises Gmail access and inbox/thread retrieval but the opening description does not prominently warn that it enables access to highly privacy-sensitive email contents. Users or agents may proceed without appreciating that this grants read/send capabilities over a human's mailbox, increasing the risk of overbroad consent and misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal