gmail-access
Audited by Socket on Mar 3, 2026
1 alert found:
Security: The skill is purposefully designed to enable Gmail access via a CLI using 1Password OAuth, with multi-step preflight checks and interactive setup. Its footprint is coherent with its stated purpose, but there are multiple security-oriented cautions: exposure of UUIDs/emails in stdout during preflight, reliance on local token storage that could be exposed in compromised environments, and reliance on external tools (1Password CLI, bun) with potential supply-chain implications if those tools or their configurations are compromised. The workflow also involves broad permissions for OAuth scopes (gmail.compose during setup) and potential cross-project token caching. Overall, the implementation is suspiciously detailed and interactive for a tool that handles sensitive email data, but not definitively malicious. It should be treated as a high-risk, albeit non-malicious by default, supply-chain component that requires strict operational security review before production use.