Back to skill

Security audit

osascript-email

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates Mail.app email sending, but it can send silently and its helper builds executable AppleScript from insufficiently validated inputs.

Install only if you specifically need macOS Mail.app automation. Require explicit approval before each send, especially for attachments, and do not pass untrusted or externally supplied recipient, sender, subject, body, or file path values into this helper until the AppleScript escaping and validation are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example demonstrates sending an email with a local file attachment to an arbitrary recipient, but it does not include any warning, confirmation step, or discussion of the privacy implications of transmitting local file contents off-device. In an agent skill context, this increases the risk of accidental data exfiltration because users or downstream agents may reuse the pattern without realizing that sensitive files can be sent externally.

Unvalidated Output Injection

High
Category
Output Handling
Content
end tell
return "sent"'''

    result = subprocess.run(
        ["osascript", "-e", script],
        capture_output=True,
        text=True
Confidence
98% confidence
Finding
subprocess.run( ["osascript", "-e", script], capture_output

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.