CLI to manage emails via IMAP/SMTP. Use `himalaya` to list, read, write, reply, forward, search, and organize emails from the terminal. Supports multiple accounts and message composition with MML (MIME Meta Language).
Security Analysis
high confidenceThe skill is an instruction-only wrapper for the Himalaya CLI and its requirements and instructions are coherent with that purpose — nothing in the package asks for unrelated credentials or installs arbitrary remote code.
Name/description (CLI email client) matches the instructions: all commands are himalaya CLI invocations, configuration references (~/.config/himalaya/config.toml), and message composition with MML. The metadata's brew install entry is proportional to installing a CLI tool.
SKILL.md instructs the agent to run himalaya commands and to read/use the user's config file (~/.config/himalaya/config.toml). It also documents mechanisms for retrieving passwords via commands (backend.auth.cmd) and using local file paths for attachments. These are expected for an email client but are noteworthy because they mean the CLI (when invoked) may read local files and execute configured retrieval commands.
There is no aggressive install script in the registry; metadata suggests a brew formula (himalaya) which is a standard package distribution method. No downloads from arbitrary URLs or extracted archives are present in the skill bundle.
The skill declares no required environment variables or credentials. However, the configuration examples show storing credentials in the config file (including raw passwords) or fetching them via commands like 'pass show ...' or keyring. Those are normal for an email client but mean the running CLI will access secrets supplied in the config or returned by configured commands—so credential access is proportional but sensitive.
always is false and the skill does not request persistent privileges or modify other skills/system-wide settings. Autonomous invocation is allowed by default (platform behavior) but not combined here with other red flags.
Guidance
This skill is an instruction-only helper for the Himalaya CLI and appears internally consistent. Before installing/using it: 1) Verify you trust the upstream Himalaya project and the brew formula source (homepage points to the GitHub repo). 2) Do not put raw passwords in ~/.config/himalaya/config.toml; prefer a system keyring or a password manager command (e.g., pass) and ensure any command you configure to emit passwords is trusted. 3) Be aware that composing messages with attachments or MML may cause the CLI to read arbitrary local file paths you specify—avoid allowing attachments that reference sensitive files. 4) Check file permissions on your config (it will contain credentials or commands to retrieve them). 5) If you want tighter control, run the CLI manually rather than granting an autonomous agent unrestricted ability to invoke it.
Latest Release
v1.0.0
Initial release of Himalaya CLI email client skill. - Provides terminal-based email management via IMAP/SMTP. - Supports listing, reading, composing, replying, forwarding, searching, and organizing emails. - Includes multi-account support and message composition with MML. - Detailed setup and configuration instructions included. - Enables handling attachments, output customization, and debugging via logging.
Popular Skills
Published by @lamelas on ClawHub
