Skill Trust Decision

imap-idle-sneder

Skill performs legitimate IMAP email monitoring but contains hardcoded credentials and undeclared network access to IMAP server and Feishu API.

Source: Manual upload · Scanned: Apr 5, 2026
Files 2
Artifacts 3
Violations 3
Findings 5
Most direct threat evidence
High Credential Theft
Hardcoded email credentials in source code

QQ email authorization code stored as string literal PASSWORD = '******' in imap_idle.py line 37. If repo is public or shared, credentials are exposed.

scripts/imap_idle.py:37

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

3 undeclared or violating capabilities were inferred.

Review
Hidden execution and egress

3 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 2 severe findings.

Review
Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

What drove the risk score up

Undeclared network access +15

SKILL.md declares no network access, but the script connects to an IMAP server and the Feishu API.

Hardcoded credentials in source code +15

Email password, Feishu APP_ID, APP_SECRET, and USER_ID stored as string literals

Email content exfiltration to third-party +10

Full email content (body, subject, sender) is sent to Feishu; this is not declared in the core functionality docs.

No dependency version pinning +5

imap-tools and beautifulsoup4 used without version constraints

Most important evidence

High Credential Theft

Hardcoded email credentials in source code

QQ email authorization code stored as string literal PASSWORD = '******' in imap_idle.py line 37. If repo is public or shared, credentials are exposed.

scripts/imap_idle.py:37
Move credentials to environment variables or a separate .env file that is .gitignored
High Credential Theft

Hardcoded Feishu API credentials

Feishu APP_ID, APP_SECRET, and USER_ID stored as string literals in source code (lines 127-129), exposing integration credentials.

scripts/imap_idle.py:127
Load from environment variables: os.environ.get('FEISHU_APP_ID')
Medium Doc Mismatch

Undeclared network access

SKILL.md declares 'NONE' permissions but the script makes HTTP requests to open.feishu.cn and connects to imap.qq.com:993. Network access is critical to functionality but not documented.

SKILL.md:1
Update SKILL.md to declare network:WRITE for IMAP and Feishu API access
Medium Data Exfil

Email content sent to third-party service

The full email body (up to 500 chars), subject, sender name and sender email are forwarded to the Feishu API. This transmission is mentioned in the docs, but the credential-theft aspect is concerning.

scripts/imap_idle.py:180
Document what data is sent externally. Consider if all email fields need to be transmitted.
Low Supply Chain

Dependencies without version pinning

imap-tools and beautifulsoup4 are used without version constraints, so a new release could change behavior unexpectedly.

scripts/imap_idle.py:26
Pin versions: imap-tools>=0.45.0, beautifulsoup4>=4.9.0 (note that a >= lower bound only excludes older releases; an exact == constraint or a lock file is needed to truly pin a version)

Declared capability vs actual capability

Capability    Status   Declared   Inferred   Evidence
Network       Block    NONE       WRITE      scripts/imap_idle.py:136,198
Filesystem    Block    NONE       WRITE      scripts/imap_idle.py:52-53 writes to workspace and log files
Environment   Block    NONE       READ       Credentials should be env-based but are hardcoded

Suspicious artifacts and egress

Medium External URL
https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal

scripts/imap_idle.py:136

Medium External URL
https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id

scripts/imap_idle.py:198

Info Email
[email protected]

scripts/imap_idle.py:36

Dependencies and supply chain

Package          Version   Source   Known vuln   Notes
imap-tools       *         pip      No           Version not pinned
beautifulsoup4   *         pip      No           Version not pinned, used for HTML parsing

File composition

2 files · 485 lines
Python: 1 file · 407 lines
Markdown: 1 file · 78 lines
Files of concern · 2
scripts/imap_idle.py Python · 407 lines
Hardcoded email credentials in source code · Hardcoded Feishu API credentials · Email content sent to third-party service · Dependencies without version pinning · https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal · https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id · [email protected]
SKILL.md Markdown · 78 lines
Undeclared network access

Security positives

Script functionality is legitimate: an email notification service
No reverse shell, C2 communication, or obvious malicious code
No base64 encoding or obfuscation detected
No attempts to access ~/.ssh, ~/.aws, or other credential paths
Uses standard libraries (imaplib, urllib) rather than suspicious tools