Skill Trust Decision

Email Analyzer

The skill contains hardcoded credentials (email authorization code) in plaintext within source code and documentation, presenting significant credential exposure risk if the repository becomes public or is shared.

Install decision first
Source: Manual upload
Scanned: Apr 5, 2026
Files 9
Artifacts 1
Violations 0
Findings 4
Most direct threat evidence
01 Attacker obtains repository or accesses skill files (reconnaissance · SKILL.md)
02 Attacker extracts hardcoded authorization code from email_analyzer.py CONFIG (Credential Access · email_analyzer.py)
03 Attacker gains unauthorized access to [email protected] mailbox using harvested credentials (Impact · N/A)

Why this conclusion was reached

1/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

1 lower-risk artifact was extracted and still needs context.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 2 severe findings.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

Attack Chain

01
Attacker obtains repository or accesses skill files

reconnaissance · SKILL.md:1

02
Attacker extracts hardcoded authorization code from email_analyzer.py CONFIG

Credential Access · email_analyzer.py:17

03
Attacker gains unauthorized access to [email protected] mailbox using harvested credentials

Impact · N/A

What drove the risk score up

Hardcoded credentials in source code +25

Authorization code 'WUEw8qhBwjzpUAZW' hardcoded in email_analyzer.py CONFIG dict

Credentials exposed in documentation +20

Full authorization code documented in SKILL.md lines 18-19

Credential stored in plaintext +15

No encryption or obfuscation of sensitive authentication data

Most important evidence

High Credential Theft

Hardcoded Email Authorization Code

The IMAP authorization code 'WUEw8qhBwjzpUAZW' for [email protected] is hardcoded in plaintext within the email_analyzer.py CONFIG dictionary. If the repository is exposed or shared, this credential could be harvested.

email_analyzer.py:17
Move credentials to environment variables: os.environ.get('EMAIL_AUTH_CODE')
High Doc Mismatch

Credentials Exposed in Documentation

SKILL.md explicitly documents the full authorization code in the hardcoded-configuration (固化配置) table (lines 18-19), making it trivial to extract the credential from the documentation alone.

SKILL.md:18
Replace actual credential with placeholder: '授权码 | $EMAIL_AUTH_CODE'
Medium Sensitive Access

Email Content Access Without User Consent Flow

The view_email.py script fetches full RFC822 email content including body text. While documented, there's no user confirmation step before retrieving full email content.

view_email.py:1
Add user confirmation prompt before fetching full email body
Low Credential Theft

Credentials Not Pinned in Dependencies

The imapclient library is used without explicit version pinning in requirements.txt (no requirements.txt found).

email_analyzer.py:6
Add requirements.txt with pinned versions: imapclient==2.3.1

Declared capability vs actual capability

Network Pass
Declared READ
Inferred READ
IMAPClient connects to imap.126.com for email access
Filesystem Pass
Declared WRITE
Inferred WRITE
Writes JSON backup files and analysis reports
Shell Pass
Declared WRITE
Inferred WRITE
Shell script wraps Python execution; all documented

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
imapclient | unpinned | pip import | No | No requirements.txt or version constraint found

File composition

9 files · 1174 lines
Python 7 files · 856 lines
Markdown 1 file · 211 lines
Shell 1 file · 107 lines
Files of concern · 3
email_analyzer.py Python · 301 lines
Hardcoded Email Authorization Code · Credentials Not Pinned in Dependencies
SKILL.md Markdown · 211 lines
Credentials Exposed in Documentation · [email protected]
view_email.py Python · 111 lines
Email Content Access Without User Consent Flow
Other files · delete_selective.py · email-analyzer.sh · view_details.py · delete.py · backup.py · verify.py

Security positives

No reverse shell or C2 infrastructure detected
No data exfiltration to external IPs beyond legitimate IMAP connection
All shell operations are documented and necessary for the stated purpose
Deletion operations require explicit --confirm flag and manual 'yes' input
Backup functionality preserves data before deletion
No obfuscation techniques (base64, eval) detected
IMAP connection is to legitimate 126.com server only