Back to skill

Security audit

UniProfit Mail Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a transparent UniProfit email-sending helper whose main risk is that real email content and recipient details go to the configured UniProfit endpoint.

Install this only if you trust the UniProfit server configured in UNIPROFIT_API_BASE_URL and have a scoped mail_send key. Use an HTTPS endpoint, confirm the recipient and final body before sending, and remember that the skill performs real email delivery through UniProfit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares required environment variables and instructs runtime network access to external API endpoints, but it does not declare corresponding permissions. This creates a capability/permission mismatch that can undermine platform security assumptions, cause overbroad execution in environments that infer trust from declarations, and make review harder because secret and network usage is not explicitly surfaced.

Vague Triggers

Low
Confidence
86% confidence
Finding
The skill description and default prompt authorize sending 'approved emails' but do not define who approves them, what checks must occur before sending, or what situations should trigger use of the skill. In an agent setting, vague invocation criteria can cause the model to send externally visible messages without sufficient validation, enabling prompt-injection-driven misuse, accidental spam, or exfiltration of sensitive content through email.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents sending recipient addresses, subject lines, message bodies, and reply-to values to an external UniProfit API, but it does not include a clear user-facing disclosure or warning at the point of use. This creates a privacy and consent risk because an agent may transmit sensitive personal or business content to a third-party service without the user fully understanding what data leaves the system.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script accepts a fully configurable UNIPROFIT_API_BASE_URL and sends recipient addresses, message contents, and an API key to that endpoint without enforcing HTTPS or validating the destination. If the base URL is set to plain HTTP, email data and credentials can be intercepted or modified in transit; if pointed to an attacker-controlled host, the API key and all mail content are directly exfiltrated. In this skill context, the risk is elevated because the tool is specifically designed to handle outbound email and secrets, making transport security essential.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.