Alimail Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AliMail administration helper that can read sensitive mailbox and user data, but I found no hidden, destructive, or purpose-mismatched behavior.

Install only if you are authorized to administer the AliMail tenant. Use a dedicated AliMail app with the minimum read-only permissions needed, protect and rotate ALMAIL_SECRET, pin or review the npm SDK version, and avoid retrieving or logging full message bodies unless the business need is clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares required secrets in environment variables and depends on code execution, but it does not declare explicit permissions or access boundaries. This creates a governance gap where a caller may not be clearly informed that the skill can access sensitive credentials and use them to query mailbox and user data, increasing the chance of unintended privileged use.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly documents capabilities to query user profiles, retrieve message contents, and search mailboxes, but it provides no privacy, authorization, or data-handling warnings. For a skill that accesses enterprise mailbox content and employee information, this omission can normalize unsafe use, increase the chance of overbroad access, and lead operators to expose sensitive data without adequate consent or audit controls.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad enough that the skill could activate for general requests about enterprise email users or messages without clear limitations or confirmation requirements. In a skill that can retrieve mailbox contents and user records, ambiguous activation increases the risk of over-collection, accidental invocation, or use in contexts where the user did not intend sensitive data access.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation explicitly enables querying user information, viewing message contents, and searching mailboxes, but it does not warn that these are privacy-sensitive operations requiring appropriate authorization and user awareness. Because mailbox contents and employee profile data are highly sensitive, the lack of a privacy warning and consent boundary makes misuse or accidental disclosure materially more dangerous in this skill's context.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
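The documentation explicitly describes highly sensitive capabilities such as querying user profiles, reading message details, and searching mail, and lists fields such as phone number, location, manager information, message body, and recipients, but it does not also require user authorization confirmation, access minimization, or a privacy notice before invocation. In an enterprise mailbox scenario, this leads skill implementers or callers to process large amounts of personal and communications data without clear boundaries, increasing the risk of unauthorized access, privacy leakage, and compliance violations.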

VirusTotal

63/63 vendors flagged this skill as clean.
