IMAP Email Reader

What to consider before installing: - This skill requires your IMAP credentials (IMAP_USER and IMAP_PASS). The included setup helper will store them in a .env file inside the skill folder — only install/run if you accept storing credentials on disk and have .gitignore configured to keep them out of version control. - The registry summary at the top of this package incorrectly claimed 'no required env vars'; don't trust that — the code and skill.json do require credentials. - The skill suggests setting IMAP_REJECT_UNAUTHORIZED=false for ProtonMail Bridge (self-signed cert). Only use that for a trusted local Bridge instance. Never disable certificate verification for public IMAP servers. - The installation uses npm packages from the public registry (imap-simple, mailparser, dotenv). Review/scan dependencies (npm audit) before installing in sensitive environments. - setup.sh checks for a running ProtonMail Bridge by scanning process lists (ps). This is reasonable for detecting Bridge locally but means the script reads process information on the host. - There is no evidence of hidden network exfiltration in the code. Still: if you run this in an agent that can be invoked autonomously, consider running it in an isolated session or sandbox, and prefer app-specific passwords (Gmail app password) where possible. If you want to proceed: verify the skill.json / SKILL.md expectations match (ensure IMAP_PASS is provided and marked sensitive), run npm install in an isolated environment first, and inspect the .env file handling to ensure it meets your security policies.