gmail

SUSPICIOUS: the Gmail purpose is coherent, and the Google OAuth setup is consistent with official Gmail API usage, but the skill’s core capability depends on an unverifiable local CLI that receives OAuth tokens, mailbox contents, and can send email on the user’s behalf. That combination makes the data flow and execution trust disproportionate unless the local script’s provenance is independently verified.