LobsterMail

Security checks across malware telemetry and agentic risk

Overview

The skill's behavior broadly matches an email SDK, but its installation and update instructions (curl | sh, npx runs, automatic re-download of SKILL.md, and local token persistence) create supply-chain and credential-persistence risks that are disproportionate to a simple instruction-only skill.

This skill appears to implement the advertised email functionality, but it relies on dynamic installs and auto-updates from https://api.lobstermail.ai and persists a service token to ~/.lobstermail/token. Those behaviors let a remote party change the skill or execute code on your system later.

Before installing:

1) Avoid piping remote scripts into sh; download and inspect any installer first.
2) Review the source of the npm packages (@lobstermail/mcp and lobstermail) and their maintainers.
3) Consider where the token will be stored and who can read it; treat it as a secret.
4) If you must use it, constrain its privileges (run in a sandbox/container or with minimal filesystem/network access) and avoid enabling background/autonomous execution.

Additional information that would raise confidence to 'benign': published source code for the npm packages and MCP tool, documented code review/attestations for the install endpoint, or removal of the curl | sh and auto-overwrite behaviors.

SkillSpector

By NVIDIA

SkillSpector findings are pending for this release.

VirusTotal

No VirusTotal findings
