resend

SUSPICIOUS: the skill’s capabilities match its stated email-management purpose and the credential scope is narrow, but it relies on an unofficial third-party CLI and forwards a live Resend API key into that external tool. This is not confirmed malware, yet the install trust and credential-forwarding model are weaker than an official Resend SDK or direct API integration.