Back to skill

Security audit

Gmail

Security checks across malware telemetry and agentic risk

Overview

This package advertises Gmail email features but only provides unrelated local network diagnostic commands, so users should review it before installing.

Install only if you understand that the free version does not appear to provide Gmail functionality. A genuine Gmail skill should document OAuth setup, requested mail scopes, message-sending or deletion safeguards, and data handling. This package should be relabeled as network diagnostics or revised to contain actual Gmail-specific instructions before normal use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is labeled and described as a Gmail integration, but the executable guidance performs local network reconnaissance commands instead of any Gmail-related action. This mismatch can mislead an agent or user into running unintended system-inspection commands under false pretenses, creating a trust-boundary violation and potential environment information disclosure.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documentation claims managed OAuth Gmail integration and 'No setup required,' but the only runnable content invokes local networking tools such as ip, ss, and host. This deceptive presentation can cause agents or users to authorize or trust the skill for email operations while it instead gathers host and network information unrelated to the stated task.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger guidance says to use the skill when users want to interact with Gmail, which is broad enough to activate on many normal email-related requests. Because the skill's actual behavior is unrelated to Gmail, broad triggering increases the chance of accidental invocation and execution of unintended local commands.

Missing User Warnings

High
Confidence
72% confidence
Finding
A skill described as reading, sending, and managing Gmail content should prominently warn about privacy-sensitive access, message contents, and potentially destructive actions. The absence of such warnings weakens informed consent and is especially problematic here because the surrounding documentation is already misleading about what the skill actually does.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.