agentmail

Warn

Audited by Socket on Apr 4, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS: The skill is purpose-aligned for agent-owned email and uses mostly coherent official AgentMail infrastructure, so it is not clearly malicious. However, it grants autonomous messaging capability, processes untrusted inbound email, and forwards an API key to an unpinned external MCP package executed via npx, creating meaningful security risk disproportionate to a low-trust automation environment.

Confidence: 88%
Severity: 68%

Audit Metadata

Analyzed At: Apr 4, 2026, 05:51 PM
Package URL: pkg:socket/skills-sh/NousResearch%2Fhermes-agent%2Fagentmail%2F@c0e39dbd836a51268033fd21119e3262e2179d17