Back to skill

Security audit

Keigo Mail Generator

Security checks across malware telemetry and agentic risk

Overview

This is a local Japanese email-drafting skill with disclosed local signature storage, so it is acceptable with privacy caveats.

Install this only if you want the skill to remember signature details locally for future email drafts. Avoid entering contact details you do not want saved, review generated emails before sending, and use the documented rm flow to remove stored fields when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes a local Python script via Exec/shell-like capability but does not declare any corresponding permission boundary. This creates a mismatch between what reviewers/users can infer from the manifest and what the skill can actually do, increasing the risk of undisclosed command execution and unsafe access to local resources.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The documented trigger phrases include very generic terms such as 「メール」, which are likely to appear in many ordinary conversations. That can cause unintended activation of the skill in unrelated contexts, increasing the chance that user content, signatures, or other sensitive text is processed or persisted without clear user intent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "メール" is so broad that ordinary user conversation may invoke the skill unintentionally. In this skill, accidental activation is more dangerous because it can trigger persistent signature processing tied to cross-platform identifiers and backend storage without clear, specific invocation intent.

Missing User Warnings

High
Confidence
98% confidence
Finding
The description says the skill links LINE, Telegram, Slack and similar user IDs to persistent signature storage, but it does not clearly warn users that personal contact details may be stored and correlated across platforms in a backend database. This undermines informed consent and creates privacy/compliance risk because users may reveal names, phone numbers, addresses, and company details without understanding the retention and linkage model.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script persists user signature data, including potentially sensitive personal and business contact details, to a local SQLite database without any visible consent, disclosure, retention controls, or access policy enforcement in this code path. In the context of a mail-generation skill that links persistent signatures across platforms, this creates a real privacy and data-governance risk because users may not expect durable cross-session storage of PII.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.