smtp-sender

What to consider before installing: - The script does send email via SMTP using credentials stored in smtp-config.json next to the skill; those credentials are plaintext in that file. Consider storing SMTP credentials in a secret manager or environment variables rather than a repo file. - SKILL.md promises markdown-to-HTML conversion, retry logic, and logging — none of these are implemented. If you need those features, review and update the code (add a markdown library, add retry/error-handling and persistent logging) before relying on it. - The script will attach any file paths you supply. If you allow automatic or autonomous invocation, be careful: an agent could be instructed to attach and send arbitrary local files (risk of data exfiltration). Restrict autonomous use or add path whitelisting and validation. - The example config contains placeholder credentials and an internal IP — treat it as an example only. Ensure file permissions (chmod 600) and that the skill directory is not world-readable. - If you want to use this skill safely: audit the code, implement missing features properly (markdown conversion, retries, logging), move credentials to a secret store or environment variables, add explicit input validation for attachment paths, and restrict autonomous invocation or require explicit user confirmation before sending. Confidence note: high — the code is small and the mismatches between documentation and implementation are clear. There are no signs of network C2 endpoints or obfuscated code, but the feature/documentation inconsistencies and plaintext credential handling are noteworthy.