Fastmail Jmap.Disabled

This package implements a Fastmail JMAP CLI and legitimately needs a Fastmail API token (FASTMAIL_TOKEN) with Email (read/write) and Email Submission (send) scopes — that's expected for the advertised features. However, there are inconsistencies in the package metadata (registry metadata claims no required env vars; _meta.json owner/version differ), which makes provenance unclear. Before installing or enabling this skill: - Verify provenance: confirm the skill author/owner and that the code matches a trusted source (e.g., theagentwire.ai or an official repository). The mismatched ownerId/version is a red flag for packaging mistakes or copy/paste. - Use a dedicated Fastmail token with minimal scopes (create a token only for the account you want the agent to access). Do not reuse a high-privilege or long-lived token used elsewhere. - Prefer running the scripts in an isolated environment (container or VM) and test read-only commands first (unread, search, read) before enabling send/move/trash actions. - If you enable automated checks (cron/heartbeat), ensure the agent is configured to never send emails without explicit approval and consider logging actions. - If you need stronger assurance, ask the maintainer for a canonical source (repo URL or signed release) and why registry metadata differs; request an updated package where required env vars and owner metadata are consistent. Given the functionality and lack of obvious exfiltration, this is not clearly malicious, but the metadata inconsistencies and provenance uncertainty make it suspicious. Proceed with caution and the mitigations above.