Back to skill

Security audit

Maxhub Temp Mail

Security checks across malware telemetry and agentic risk

Overview

This temp-mail skill is transparent about using a third-party API, but it also encourages anonymous and bulk account-style use while handling mailbox credentials and email contents.

Review carefully before installing. Use only for authorized testing or low-risk one-time inboxes, not for sensitive accounts, financial/legal/private mail, evading platform rules, or bulk account creation. Keep MAXHUB_API_KEY and mailbox tokens out of logs and prompts, and require explicit user confirmation before creating an inbox or displaying message contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example trigger phrases are very broad, including generic requests like '查收邮件' and '查看邮件内容', which can overlap with normal conversation and cause the skill to activate unexpectedly. In a skill that can create disposable mailboxes and retrieve mailbox contents, accidental invocation can expose private email data or perform actions the user did not explicitly intend.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation says the skill reads mail lists and message details but does not clearly warn that this displays mailbox contents, which may include verification codes, personal data, or other sensitive communications. Users may not realize that using the skill grants access to full email content, increasing the risk of unintentional privacy exposure and misuse of temporary mail for account workflows.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases for reading mail are broad enough to match ordinary email-related user requests without clearly constraining them to temporary-mail workflows. That can cause unintended skill activation, exposing mailbox tokens or email contents from a disposable inbox in contexts where the user did not explicitly intend to use this skill.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The full-flow activation phrases like 'help me receive email' and 'email for registration' are ambiguous and can overlap with many legitimate email-assistant requests. Because this recipe creates a temporary mailbox and then polls and reads messages, accidental activation could lead to unintended account-registration assistance or disclosure of inbox data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The recipe file handles bearer tokens and mailbox contents but does not warn about privacy, token sensitivity, or the risks of using temporary mail for verification flows. In this context, missing guidance makes accidental token exposure, unauthorized inbox access, and policy-evading use more likely, especially since the skill is designed for disposable registration scenarios.

Ssd 2

Medium
Confidence
92% confidence
Finding
The skill explicitly promotes disposable email for registration, anonymity, and identity masking, which can facilitate account creation evasion, spam signup workflows, and bypass of platform controls. Although framed as privacy and testing, the context materially lowers the barrier to abusive registration activity because the skill operationalizes one-time inbox creation and message retrieval.

Ssd 2

Medium
Confidence
94% confidence
Finding
The example scenarios normalize use of disposable mail for routine site registration and operation in 'untrusted environments' without leaving identity traces. In context, this is dangerous because it provides legitimizing guidance for behavior commonly associated with ToS evasion, throwaway account farming, and reduced accountability.

Ssd 4

Medium
Confidence
96% confidence
Finding
The narrative workflow describes generating many independent disposable inboxes in a loop and distributing tokens across test accounts, which is directly reusable for scalable multi-account operations. Even if described as testing, this stepwise bulk pattern is dangerous because it can be repurposed for sockpuppet creation, promotion abuse, or large-scale signup automation with minimal adaptation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.