Security audit

Zero‑Exposure SMTP Mail Sender (MGC Secure Edition)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real SMTP email-sending skill, but it gives agents broad secret-backed sending power without enough scoping or confirmation.

Install only if you trust the publisher and are comfortable giving the skill access to stored SMTP credentials. Before use, prefer a version that hardcodes or allowlists the SMTP secret, previews the sender, recipient, subject, and body, and requires explicit confirmation before each email is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The tool is advertised as a secure mail sender, but it exposes caller-controlled `info_type` and `info_owner` parameters that are passed directly into the MGC secret retrieval API. That makes the skill a generic secret lookup primitive rather than a narrowly scoped mail sender, allowing an agent or user to retrieve alternate stored secrets and use them indirectly through this tool path.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger phrases are broad enough to match routine user requests such as 'send an email' or 'email this to someone,' which can cause the skill to activate in contexts where the user did not intend to use this specific SMTP workflow. Because the skill can initiate outbound communication using stored credentials, accidental invocation could result in unintended data disclosure or unauthorized email transmission.

Missing User Warnings

Medium
Confidence: 87%
Finding
The tool silently retrieves stored credentials and sends outbound email without any explicit confirmation, warning, or disclosure at the user-facing interface. In an agent setting, this increases the risk of covert actions, where a prompt-injected or compromised workflow can cause secret-backed email transmission that the user did not realize would occur.

Vague Triggers

Medium
Confidence: 95%
Finding
The suggested trigger phrases are very broad, generic requests that commonly appear in normal conversation. In an agent environment, this increases the chance the skill is invoked unintentionally, which could cause emails to be sent without sufficiently explicit user intent or contextual confirmation.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation emphasizes password secrecy but does not clearly warn that recipient addresses, subject lines, and message bodies will still be transmitted to an SMTP server over the network. This can mislead users into believing the whole action is 'secure' or 'zero-exposure', causing them to share sensitive content without understanding the data exposure and third-party processing involved.

VirusTotal

60/60 vendors flagged this skill as clean.