QQ Email with AI

Key points to check before installing/using: - Credentials: The registry metadata did not declare required env vars, but the code and SKILL.md expect QQ_EMAIL and QQ_EMAIL_AUTH_CODE (IMAP/SMTP authorization code). AI features require DASHSCOPE_API_KEY. Only set these in an environment you control; treat the QQ auth code like a password and rotate it if exposed. - Privacy: If you enable AI features (or set DASHSCOPE_API_KEY), email subjects/bodies (and possibly extracted attachments) are sent to the DashScope/通义千问 API. Only enable this if you trust that provider and are comfortable with email contents leaving your device. - Missing/verify files: SKILL.md references a download_attachments script that is not present in the provided manifest excerpt — verify the full package contains all referenced scripts (especially any that write files or upload data). Review scripts that handle attachments and sending to ensure they behave as you expect. - Minimal use: If you only need basic send/read/manage features, run scripts without setting the DASHSCOPE_API_KEY or use the provided '--no-ai' / non‑AI options to avoid external API calls. - Audit the code: Because the skill runs locally and connects to your mailbox, inspect scripts (especially send_email, download/attachment handling, and AI call sites) yourself or run them in a restricted/test account first. Consider running in an isolated environment or on a throwaway QQ account until you are confident. - If in doubt: classify this skill as suspicious due to metadata omissions and external AI calls. Ask the publisher to update registry metadata to declare the required env vars and to explicitly state in SKILL.md when/where email contents are sent to third parties.