Trust Assessment
imap-idle received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 1 high, 3 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unsafe deserialization / dynamic eval, Suspicious import: urllib.request.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/topitip/imap-idle/scripts/listener.py:22 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/topitip/imap-idle/scripts/setup.py:85 |
| HIGH | Configurable Webhook URL allows data and credential exfiltration. The skill's core functionality involves sending email metadata (sender, subject, body preview) and the `webhook_token` to a user-configurable `webhook_url`. While the default URL is localhost, a user can configure it to any external endpoint. If this `webhook_url` is set to an untrusted or malicious destination, it could lead to the exfiltration of sensitive email content and the `webhook_token` credential, which is sent in an `Authorization: Bearer` header. Advise users to only configure `webhook_url` to trusted, internal endpoints (e.g., localhost or a secure internal network). Implement strict validation for `webhook_url` to prevent common phishing/malicious patterns. Consider adding a warning during setup if a non-localhost URL is provided. | LLM | scripts/listener.py:120 |
| MEDIUM | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/topitip/imap-idle/scripts/setup.py:5 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/topitip/imap-idle/scripts/listener.py:35 |
| MEDIUM | Unpinned Python dependencies in installation instructions. The `pip3 install` commands in the `SKILL.md` do not specify version numbers for `imapclient` and `keyring`. This practice, known as unpinned dependencies, means that installing the skill could pull in the latest available versions of these packages and their transitive dependencies. If a future version of these packages introduces a vulnerability or malicious code, users would unknowingly install it, creating a supply chain risk. Pin specific versions for all Python dependencies (e.g., `imapclient==X.Y.Z`, `keyring==A.B.C`) in a `requirements.txt` file or directly in the installation instructions. Regularly review and update pinned versions to mitigate known vulnerabilities. | LLM | SKILL.md:39 |
Full report: https://skillshield.io/report/28f1c8340da72c7f