Pub Himalaya

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill claims to be an IMAP/SMTP email CLI but its runtime instructions instead call a third‑party HTTP API (api.heybossai.com) using a single SKILLBOSS_API_KEY — this mismatch could cause your email content to be sent to an external service unexpectedly.

Do not install unless you trust api.heybossai.com and the publisher. Ask the author to clarify: (1) whether the skill truly uses IMAP/SMTP locally or proxies email through SkillBoss, (2) what data is sent/stored/retained by the external API, and (3) whether email credentials are ever transmitted. If you must test, use a purpose‑built throwaway account and a scoped API key with minimal rights, monitor outbound network traffic, and avoid putting real sensitive emails through the skill until you have written guarantees about data handling and retention.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings for this skill version.

Risk analysis

No visible risk-analysis findings were reported for this release.