139mail

This SKILL.md describes a legitimate-seeming local mailbox management skill for 139.com that requires the user's authorization code and installs the imapclient library. The primary security concerns are: (1) instructions to lower TLS security and to set PYTHONHTTPSVERIFY=0 which significantly increase MITM risk; (2) persistent storage of the authorization code in a local JSON file — sensitive if the host is compromised or scripts leak it; and (3) lack of provided script contents in this artifact prevents full verification that credentials or mail data are never transmitted to third parties. There are no explicit indicators of deliberate malicious behavior (no exfiltration endpoints, no obfuscated code, no curl|bash download-execute chains), so confirmed malware likelihood is low. Nevertheless, the guidance to weaken TLS and disable verification elevates the overall security risk to a moderate level. Review and audit of the actual scripts (config_manager.py, check_mail.py, send_mail.py, etc.) is recommended before use, and avoid setting PYTHONHTTPSVERIFY=0 or enabling insecure compatibility unless in a fully trusted network.