Security audit

Weekly Report Email

Security checks across malware telemetry and agentic risk

Overview

This weekly-report email skill mostly matches its purpose, but it needs Review because it stores mailbox credentials locally and uses a vulnerable email-sending dependency.

Install only if you are comfortable giving this skill SMTP sending authority. Use an app-specific SMTP authorization code, restrict access to the skill directory and .env file, carefully review recipients/CC and the HTML preview before confirming, avoid putting secrets in report text, and prefer an updated release that upgrades nodemailer and removes default content logging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill logs a preview of all report sections to the console before generating the email body. Weekly reports often contain sensitive business status, blockers, project details, and personal reflections; writing even truncated previews to logs can expose that data to operators, shared terminals, CI logs, or log aggregation systems without the user's awareness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code writes SMTP credentials, including the password, into a local .env file in the skill directory without setting restrictive file permissions or warning the user that secrets will be persisted in plaintext. In an agent/skill context, local skill directories are often readable by other processes, users, backups, or logs, so plaintext credential storage materially increases the chance of credential disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
resetConfig deletes config.json after creating a backup but performs the destructive action without any confirmation, safety check, or rollback handling. This can cause accidental loss of configuration state or unexpected reconfiguration, especially if invoked by automation or another tool path.

Ssd 3

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to record every user reply, including malformed or minimal input, which encourages indiscriminate collection of free-form user data. In a workflow that later writes content to a file and emails it, this increases the chance of capturing and propagating accidental sensitive information, including secrets, personal data, or irrelevant chat content.

Ssd 3

Medium
Confidence
95% confidence
Finding
This section normalizes preserving arbitrary malformed inputs after only minimal validation, making the workflow resilient to bad formatting but also to accidental disclosure. Because the skill persists the content and later includes it in an email preview/send path, users can easily leak confidential snippets they did not intend to become part of a report.

Ssd 3

Medium
Confidence
95% confidence
Finding
Repeating the broad 'record any user input' instruction across multiple collection stages turns over-collection into a core workflow behavior rather than an edge case. In the context of a reporting/email skill, that materially raises the risk of unintended retention and onward transmission of sensitive business information or personal data.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "",
  "license": "MIT",
  "dependencies": {
    "nodemailer": "^6.9.7"
  }
}
Confidence
90% confidence
Finding
"nodemailer": "^6.9.7"

Known Vulnerable Dependency: nodemailer==6.9.7 — 5 advisory(ies): GHSA-9h6g-pr28-7cqp (nodemailer ReDoS when trying to send a specially crafted email); GHSA-c7w3-x93f-qmm8 (Nodemailer has SMTP command injection due to unsanitized `envelope.size` paramet); CVE-2025-13033 (Nodemailer: Email to an unintended domain can occur due to Interpretation Confli) +2 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
nodemailer==6.9.7

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
main.js:72

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
mailer.js:61