Back to skill

Security audit

batch-send-mail

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward bulk email skill, but users should handle saved SMTP credentials and real sends carefully.

Install only if you are comfortable with a tool that can send bulk email through your SMTP account. Use --dry-run first, verify recipients, CCs, template substitutions, subject, and attachments, then explicitly approve any real send. Prefer an app-specific SMTP password or authorization code, protect or delete config/config.ini after use, and avoid using your primary account password.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger instructions are overly broad, including generic phrases like '批量发邮件', '群发邮件', and '批量发送邮件', with wording that says the skill should be used whenever the user says them. Broad triggers increase the chance of accidental activation for sensitive actions involving outbound email and credential handling.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation states that SMTP passwords or authorization codes are saved to config/config.ini for later reuse, but provides no explicit warning about local secret storage risks. Storing email credentials in a plaintext config file can lead to credential theft, unauthorized email sending, and broader account compromise if the file is read by other users, tools, or malware.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The eval prompt asks to "检查 batch-send-mail 技能" and "用示例文件生成预览", which is broad enough to overlap with ordinary user requests to inspect or test the skill rather than a narrowly scoped evaluation-only trigger. In a skill that can send bulk email and handle SMTP credentials, broad trigger phrasing increases the chance of unintended activation in non-eval contexts, potentially leading to privacy, spam, or credential-handling risks if execution is not constrained to dry-run mode.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script persistently stores the SMTP password/authorization code in a local INI file in plaintext. Any local user, malware, backup system, or accidental repository inclusion could expose those credentials, enabling unauthorized email sending, account abuse, and potential compromise of other services if the secret is reused. In this skill's context, the risk is elevated because the functionality directly enables bulk outbound email, so stolen credentials can be abused immediately for spam or phishing.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=2.0.0
openpyxl>=3.1.0
Confidence
94% confidence
Finding
pandas>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=2.0.0
openpyxl>=3.1.0
Confidence
95% confidence
Finding
openpyxl>=3.1.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.