letterly-automation

SUSPICIOUS: the skill’s stated purpose mostly matches its capabilities, but trust is weakened by an unverified Letterly domain, unseen dependency/script contents, and a workflow that combines browser login with broad local vault access. No clear malicious exfiltration is visible from the provided text, but the install and data-flow gaps are significant enough to avoid a benign classification.