agent-mail
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: A private Ed25519 signing key file (signing-77c6e768.key) is included in the project source, which could be misused to forge or modify mailbox bundles if this key is used in production.
- [REMOTE_CODE_EXECUTION]: The recommended installation method and secondary component installers (beads_rust, beads_viewer) rely on downloading remote scripts from GitHub and piping them directly into the shell (curl | bash).
- [COMMAND_EXECUTION]: The installer script uses sudo to install the jq utility via system package managers if it is not detected.
- [COMMAND_EXECUTION]: The installation process modifies user shell configuration files (~/.bashrc or ~/.zshrc) to add persistent command aliases and update the PATH environment variable.
- [COMMAND_EXECUTION]: The deployment wizard (share_to_github_pages.py) defaults to creating public repositories when exporting mailbox data to GitHub Pages, posing a data exposure risk.
- [COMMAND_EXECUTION]: The server startup script (run_server_with_token.sh) contains hardcoded absolute paths specific to the author's local machine environment (/Users/jemanuel/), which may lead to execution failures or security risks on other systems.
- [EXTERNAL_DOWNLOADS]: Setup scripts automatically fetch and execute the uv installer from astral.sh during the bootstrapping process.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Dicklesworthstone/mcp_agent_mail/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata