email

SUSPICIOUS. The core behavior mostly aligns with an email skill and uses the apparent official AgentMail API, but the skill reads raw local credentials, supports autonomous outbound email/signups, and includes a questionable legacy org-wide token path. The CLI provenance is somewhat inconsistent due to the package-name mismatch, raising install-trust concerns without reaching maliciousness.