Trust Assessment
imap-smtp-email received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 0 critical, 4 high, 2 medium, and 1 low severity. Key findings include "Unpinned npm dependency version", "Node lockfile missing", and "Path Traversal via Downloaded Attachment Filename".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Path Traversal via Downloaded Attachment Filename.** The `download` command in `scripts/imap.js` lets the user choose an output directory (`--dir`) and a filename (`--file`) for attachments, and passes both straight into `path.join(outputDir, filename)` to build the destination path. A `--file` containing traversal sequences (e.g. `../../../../etc/passwd`) or a `--dir` pointing anywhere on the filesystem lets the skill write attachment content to arbitrary locations, overwriting critical files or exfiltrating data by writing it into a publicly served directory. Note that `path.join` appends an absolute `filename` rather than letting it escape (`path.join('/out', '/etc/passwd')` is `/out/etc/passwd`), whereas `path.resolve` would honour it, and an absolute or `..`-laden `--dir` escapes either way. Fix: reject any `filename` that is absolute or contains a path separator (`/`, `\`), then resolve the final path against an allowed base directory and confirm it stays inside that base (`path.relative` is a convenient test). Checking for the substring `../` alone misses absolute paths and normalised variants. | LLM | scripts/imap.js:248 |
| HIGH | **Data Exfiltration via Attachment File Path Traversal.** The `send` command in `scripts/smtp.js` takes attachments from `--attach`. `readAttachment` passes the user-supplied `filePath` through `fs.existsSync(filePath)` and `path.resolve(filePath)`, neither of which restricts where the path may point, so `/etc/passwd` or `../../../../etc/shadow` is read and attached to the outgoing mail, exfiltrating its contents. Fix: resolve the path against a designated attachment or temporary directory and confirm the resolved path lies inside it before reading; a substring check for `../` is not sufficient on its own. Where symlinks may exist under that directory, compare the real path (`fs.realpathSync`) rather than the lexical one. | LLM | scripts/smtp.js:90 |
| HIGH | **Data Exfiltration via Subject/Body File Path Traversal.** The same `send` command reads the subject (`--subject-file`) and body (`--body-file`, `--html-file`) from files by calling `fs.readFileSync` directly on the user-supplied path, so `/etc/passwd` or any other readable file ends up in the message text and is mailed out. Fix: apply the same base-directory containment check as for attachments before calling `fs.readFileSync`, restricting reads to a designated directory and rejecting absolute or escaping paths. | LLM | scripts/smtp.js:129 |
| HIGH | **Non-existent/Typo'd Dependency Version: nodemailer@7.0.13.** `package.json` specifies `nodemailer` at `^7.0.13`. The analyzer reports the latest stable version as `6.9.13` and treats `7.0.13` as non-existent, i.e. a likely typo. Two caveats before acting on this. First, the version claim reflects the analyzer's own knowledge cutoff; nodemailer has since published a 7.x release line, so check the registry (`npm view nodemailer versions --json`) rather than downgrading to `^6.9.13` on the strength of this finding alone. Second, a non-existent *version* of an existing package is not a typosquatting vector: npm refuses to install it (`ETARGET`), so the practical effect is a failed install, not a malicious package. Typosquatting concerns misspelled package *names*, which should be verified separately against the registry. Once the intended version is confirmed, pin it exactly. | LLM | package.json:20 |
| MEDIUM | **Unpinned npm dependency version.** Dependency `dotenv` is declared as the range `^16.6.1` rather than an exact version. Pin it to the exact version (`16.6.1`) to reduce drift and supply-chain risk. Pinning direct dependencies does not fix transitive ones; that is what the lockfile is for. | Dependencies | skills/gzlicanyi/imap-smtp-email/package.json |
| MEDIUM | **Outdated Dependencies: imap and imap-simple.** `package.json` lists `imap` at `^0.8.19` and `imap-simple` at `^5.1.0`. The analyzer reports the `node-imap` package (published as `imap`) at `1.0.0`; confirm current versions with `npm view imap version` and `npm view imap-simple version` before planning an upgrade. Significantly outdated dependencies can carry vulnerabilities fixed upstream; no specific CVEs were identified without a deeper scan, and once a lockfile exists `npm audit` will list advisories against the resolved versions. Update both to their latest stable releases and review the changelogs for breaking changes and security fixes. Because `imap-simple` declares its own `imap` range, the two must move together; if `imap-simple` blocks the upgrade, check whether it is still actively maintained or whether an alternative should replace it. | LLM | package.json:18 |
| LOW | **Node lockfile missing.** `package.json` is present but no lockfile (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`) was found. Generate one (`npm install --package-lock-only`), commit it, and install with `npm ci` so dependency resolution is deterministic and transitive versions are fixed. | Dependencies | skills/gzlicanyi/imap-smtp-email/package.json |
Full report: https://skillshield.io/report/461a7b9310090b53 (powered by SkillShield)