mail

SUSPICIOUS: the skill’s purpose is coherent, but Gmail data and auth are brokered through a Shift gateway and an opaque precompiled local bundle rather than clearly documented direct Google API calls. That makes the footprint broader and less transparent than a typical Gmail skill, creating medium security risk without enough evidence for confirmed malware.