Trust Assessment
quietmail received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 6 critical, 1 high, 4 medium, and 2 low severity. Key findings include Potential hardcoded secret (high entropy), Missing required field: name, Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings13
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/co1onnese/quietmail/examples/1-create-agent.sh:8 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/co1onnese/quietmail/examples/2-send-email.sh:20 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/co1onnese/quietmail/examples/3-list-sent.sh:19 | |
| CRITICAL | Agent Mailbox Passwords Stored in Plaintext/Reversible Format The `Agent` model in `app/models.py` stores `mailbox_password` directly. The `app/routes/agents.py` endpoint `create_agent` generates this password and stores it in the database without apparent hashing or strong encryption. This password is then retrieved and used directly by `app/integrations/smtp.py` and `app/routes/email.py` for sending and receiving emails. A database compromise would expose all agent mailbox credentials, allowing full access to their email accounts. Mailbox passwords should never be stored in plain text or a reversibly encrypted format. Instead, consider using a secure vault service to store these credentials, or if direct storage is unavoidable, ensure they are encrypted with a strong, independently managed key. Alternatively, explore using OAuth2 or application-specific passwords that can be revoked without compromising the primary account password, or use a token-based authentication mechanism with the mail server that doesn't require storing the full password. | LLM | app/models.py:15 | |
| CRITICAL | Hardcoded Credentials in Test Files The test files `test_send_email_direct.py` and `test_testbot_smtp.py` contain hardcoded email account passwords. While these may be for a test environment, their presence in the repository constitutes a credential leak. If these credentials are ever used in a production-like environment or are similar to actual production credentials, it poses a severe security risk. Remove all hardcoded credentials from test files. Use environment variables, a secure configuration management system, or mock objects for testing purposes. Ensure that test credentials are distinct from any production or sensitive accounts. | LLM | test_send_email_direct.py:17 | |
| CRITICAL | Hardcoded Credentials in Test Files The test files `test_send_email_direct.py` and `test_testbot_smtp.py` contain hardcoded email account passwords. While these may be for a test environment, their presence in the repository constitutes a credential leak. If these credentials are ever used in a production-like environment or are similar to actual production credentials, it poses a severe security risk. Remove all hardcoded credentials from test files. Use environment variables, a secure configuration management system, or mock objects for testing purposes. Ensure that test credentials are distinct from any production or sensitive accounts. | LLM | test_testbot_smtp.py:17 | |
| HIGH | Hardcoded Database Credentials in Test File The `tests/phase2_test.py` file contains a hardcoded database connection string, including username and password (`quietmail:quietmail`). This exposes sensitive database access credentials within the repository. While intended for testing, this could lead to unauthorized database access if the test environment is compromised or if these default credentials are used in a development or production setup. Remove hardcoded database credentials from test files. Use environment variables or a secure configuration management system to provide database connection details to test suites. Ensure that test databases use unique, non-privileged credentials. | LLM | tests/phase2_test.py:10 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.76) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/co1onnese/quietmail/test_testbot_smtp.py:18 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/co1onnese/quietmail/SKILL.md:1 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/co1onnese/quietmail/tests/phase2_test.py:7 | |
| MEDIUM | Overly Permissive CORS Configuration The FastAPI application is configured with `CORSMiddleware` allowing `allow_origins=["*"]`, `allow_credentials=True`, `allow_methods=["*"]`, and `allow_headers=["*"]`. While this might be acceptable for a public API or during development, in a production environment, allowing all origins with credentials can be a security risk, potentially enabling Cross-Site Request Forgery (CSRF) or other cross-origin attacks if not carefully managed. Restrict `allow_origins` to a specific list of trusted domains in production environments. If `allow_credentials` is `True`, `allow_origins` should never be `["*"]`. Carefully evaluate the necessity of `allow_methods=["*"]` and `allow_headers=["*"]` and narrow them down to only what is required. | LLM | app/main.py:23 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/co1onnese/quietmail/package.json | |
| LOW | Insecure Example: Hardcoded API Key in Shell Script The `SKILL.md` documentation provides a shell script example (`send-email.sh`) that hardcodes the `API_KEY` directly within the script. While the 'Best Practices' section advises against this, presenting such an example without immediate strong warnings or alternative secure methods can lead users to adopt insecure practices, especially if they copy-paste without reading further. Modify the example to primarily demonstrate fetching the API key from an environment variable or a securely stored file, rather than hardcoding it. Add a prominent warning directly above the hardcoded example, or remove the hardcoded example entirely in favor of more secure methods. | LLM | SKILL.md:227 |
Scan History
Embed Code
[](https://skillshield.io/report/1f78a12e2e008824)
Powered by SkillShield