Email IMAP/SMTP

Security checks across malware telemetry and agentic risk

Overview

This is a sensitive but straightforward email automation skill that reads and sends mail only through user-supplied mail credentials and explicit commands.

Install only if you trust this skill with the selected mailbox. Use app passwords or scoped OAuth tokens where possible, keep credentials out of chat and logs, do not use --show-token unless you intentionally need the raw token, verify any custom IMAP/SMTP/OAuth endpoints, and require a final review before sending email or attachments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The token command can print the full OAuth2 access token when --show-token is supplied, directly exposing bearer credentials that grant mailbox access. In an agent/skill context, stdout is often logged, surfaced to orchestration layers, or returned to users, so this materially increases the chance of credential leakage beyond the skill’s core email-operation purpose.

Missing User Warnings

Medium
Confidence: 84%
Finding
This skill can read mailbox contents and send emails, both of which affect sensitive personal/business data and can modify external communications. The documentation lacks an explicit privacy and user-consent warning, increasing the risk of accidental exposure of email content or unintended outbound messages in a high-sensitivity context.

VirusTotal

66/66 vendors flagged this skill as clean.
