agent-mail

Fail

Audited by Socket on Jun 4, 2026

4 alerts found:

Anomalyx3Malware
AnomalyLOW
scripts/integrate_cursor.sh

This appears to be a legitimate integration/bootstrap script that configures an MCP HTTP endpoint for Cursor and performs authenticated JSON-RPC bootstrapping/registration. No direct signs of overt malware behavior are present in the fragment. However, there are meaningful security risks: (1) use of eval on runtime-produced output (shell-injection risk if configuration values can be influenced), (2) persistence of a bearer token into generated config artifacts (credential exposure-at-rest), (3) reliance on sourced scripts/lib.sh and generated helper script behavior not shown here, and (4) network destination trust derived from configuration settings.

Confidence: 62%Severity: 56%
AnomalyLOW
scripts/integrate_cline.sh

No definitive evidence of intentional malware is present in this fragment. However, the script introduces notable security risks: (1) use of eval on Python-produced shell export content derived from configurable settings (potential command-injection vector if host/port/path are not strictly validated), (2) bearer token persistence in a project-local JSON config (and possible duplication in backups), and (3) authenticated remote bootstrap (ensure_project/register_agent) to a dynamically derived URL without allowlisting/strong validation. Review scripts/lib.sh for token handling, logging redaction, and safe file/permission behavior to fully assess risk.

Confidence: 66%Severity: 63%
AnomalyLOW
scripts/integrate_github_copilot.sh

This code is best characterized as an integration/bootstrapper for GitHub Copilot MCP with authenticated JSON-RPC provisioning and IDE configuration. There is no clear indicator of covert malware in the visible snippet. However, security risk is meaningfully elevated by (1) use of eval on command output (execution sink), (2) storing bearer tokens in an IDE configuration file, and (3) reliance on a sourced local helper library and a generated helper script whose contents/permission hardening are not visible here. Overall: likely legitimate automation, but should be reviewed in the context of scripts/lib.sh and the generated run helper to rule out supply-chain sabotage.

Confidence: 60%Severity: 56%
MalwareHIGH
SKILL.md

SUSPICIOUS. The skill's capabilities largely match its stated purpose as a local multi-agent coordination layer, and its documented data flows are mostly local. The main concern is install trust: it recommends executing a remote raw GitHub installer via curl|bash from a personal account, which creates meaningful supply-chain risk even without stronger signs of malicious behavior.

Confidence: 81%Severity: 62%
Audit Metadata
Analyzed At
Jun 4, 2026, 03:13 AM
Package URL
pkg:socket/skills-sh/dicklesworthstone%2Fmcp_agent_mail%2Fagent-mail%2F@c83f691ae60e652433a6124118aef7a622ef6311
Security Audit — socket — agent-mail