Sinkron

Security checks across malware telemetry and agentic risk

Overview

Sinkron presents itself as an email-inbox integration, but it can also read and irreversibly delete inbox messages using a service token (SINKRON_TOKEN).

Before installing, verify the Sinkron GitHub/PyPI provenance, keep the package version pinned, store SINKRON_TOKEN only in a secret manager or restricted environment variable, and require explicit human confirmation before using delete-inbox or other deletion commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium, 94% confidence

Finding
The manifest advertises a destructive `sinkron delete-inbox --force` capability without any warning, confirmation guidance, or indication that it irreversibly deletes all inbox messages. In an agent skill context, exposing destructive commands as normal operations increases the chance of accidental or automated data loss, especially if an agent invokes commands from natural-language prompts without strong safeguards.
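The Overview asks for human confirmation before any deletion command, and the finding above notes that the manifest exposes `sinkron delete-inbox --force` with no such safeguard. The following is an added example (not code from the Sinkron project or from SkillSpector) of how an agent runtime could gate tool calls: every shell command the agent wants to run passes through `gate_command`, destructive `sinkron` invocations are refused unless a human-facing confirmation callback approves them, and SINKRON_TOKEN is required from the environment but never echoed into logs. The `delete-inbox` subcommand and `--force` flag come from the page; the helper names, the `-f` alias and the policy of treating any `delete*` subcommand as destructive are assumptions of this example.

```python
"""Human-confirmation gate for destructive `sinkron` commands (example only)."""
import os
import shlex
import subprocess
from dataclasses import dataclass
from typing import Callable, Dict, Sequence

# `delete-inbox` is the destructive subcommand documented on the page. The
# "delete" substring rule and the `-f` alias are assumptions so that variants
# the manifest did not list are still treated conservatively.
DESTRUCTIVE_SUBCOMMANDS = frozenset({"delete-inbox"})
DESTRUCTIVE_FLAGS = frozenset({"--force", "-f"})
TOKEN_VAR = "SINKRON_TOKEN"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    destructive: bool
    reason: str


def classify(argv: Sequence[str]) -> bool:
    """Return True if argv is a `sinkron` invocation that removes data."""
    if not argv or os.path.basename(argv[0]) != "sinkron":
        return False
    # First non-flag argument is the subcommand.
    sub = next((a for a in argv[1:] if not a.startswith("-")), "")
    if sub in DESTRUCTIVE_SUBCOMMANDS or "delete" in sub:
        return True
    return any(flag in DESTRUCTIVE_FLAGS for flag in argv[1:])


def gate_command(command: str, confirm: Callable[[str], bool]) -> Decision:
    """Decide whether the agent may run `command`.

    `confirm` must be wired to a human-facing channel (terminal prompt, chat
    approval button). Text produced by the model itself never counts as
    consent, which is the failure mode the finding describes.
    """
    argv = shlex.split(command)
    if not classify(argv):
        return Decision(True, False, "non-destructive")
    if confirm(command):
        return Decision(True, True, "destructive command confirmed by human")
    return Decision(False, True, "destructive command blocked: no human confirmation")


def token_present(env: Dict[str, str]) -> bool:
    """True when the service token was injected (secret manager or env var)."""
    return bool(env.get(TOKEN_VAR))


def redact_env(env: Dict[str, str]) -> Dict[str, str]:
    """Copy of the environment that is safe to write to agent logs."""
    return {k: ("<redacted>" if k == TOKEN_VAR else v) for k, v in env.items()}


def run_gated(command: str, confirm: Callable[[str], bool],
              env: Dict[str, str] = None, dry_run: bool = True) -> Decision:
    """Gate, check the token, then run. dry_run=True skips the subprocess."""
    decision = gate_command(command, confirm)
    if not decision.allowed:
        raise PermissionError(decision.reason)
    env = dict(os.environ if env is None else env)
    if not token_present(env):
        raise RuntimeError(f"{TOKEN_VAR} not set; load it from a secret manager")
    print("running:", command, "env:", redact_env(env))  # token never printed
    if not dry_run:
        subprocess.run(shlex.split(command), env=env, check=True)
    return decision


if __name__ == "__main__":
    # Constructed demo: a model-generated request to wipe the inbox is
    # blocked because the human declines.
    deny = lambda cmd: False
    print(gate_command("sinkron list --limit 5", deny))
    print(gate_command("sinkron delete-inbox --force", deny))
```

The agent framework should call `run_gated` in place of a raw shell tool, with `confirm` bound to an out-of-band approval step; logging goes through `redact_env` so the token does not land in traces or transcripts.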

VirusTotal

64/64 vendors flagged this skill as clean.