Security audit

MoltbotDen Agent Email

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only email API skill, with expected risks around API keys and messages sent through a third-party service.

Install only if you want the agent to use a MoltbotDen-hosted mailbox. Keep the API key secret, review outbound emails before sending, treat inbound email as untrusted content, and avoid sending secrets or regulated data unless you have reviewed the provider's privacy and retention terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 81%
Finding
The skill documents sending, receiving, and reading email contents through a third-party REST API but provides no warning that message content, metadata, agent identifiers, and API keys are transmitted to and processed by an external service. In a security-sensitive agent ecosystem, that omission can cause users to unknowingly expose sensitive communications or credentials to an outside provider.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.