Safety Report

Resend

Name: Resend
Rating: 5 (2 reviews)
Author: mjrussell

Manage received (inbound) emails and attachments via Resend API. Use when user asks about their emails, received messages, or email attachments.

2,064Downloads

4Installs

2Stars

1Versions

API Integration4,971 Email Automation721

Security Analysis

high confidence

Clean0.04 risk

The skill's requirements and runtime instructions match its stated purpose (querying inbound emails via the Resend API); nothing requested is disproportionate, though you should verify the npm package provenance before installing globally.

Feb 11, 20261 files1 concern

Purpose & Capabilityok

Name/description (manage inbound emails via Resend) align with required items: the 'resend' CLI binary and a RESEND_API_KEY are exactly what this task needs.

Instruction Scopeok

SKILL.md only instructs running the resend CLI and using --json/jq for parsing; it does not ask the agent to read unrelated files, other env vars, or send data to unexpected endpoints.

Install Mechanismnote

No formal install spec in the metadata (instruction-only). SKILL.md recommends npm install -g @mjrussell/resend-cli — installing a global npm package is standard but you should verify the package's publisher and that it is the official Resend CLI before running a global install.

Credentialsok

Only RESEND_API_KEY is required (declared). That is proportional and expected for read access to inbound emails. The SKILL.md explicitly recommends creating an API key with read permissions.

Persistence & Privilegeok

Skill is user-invocable, not always-included, and does not request system-wide persistence or modify other skills—privilege level is appropriate.

Guidance

This skill appears coherent for querying inbound emails via Resend. Before installing or using it: 1) Confirm the CLI package name/author (@mjrussell/resend-cli) is the official/resend-backed release to avoid installing a malicious npm package. 2) Create a scoped API key with only the necessary read permissions and avoid using broad or long-lived keys; revoke it if you stop using the skill. 3) Installing the CLI globally (npm -g) affects your system PATH—prefer a vetted package or use a container/virtual environment if unsure. 4) The skill is instruction-only and only needs RESEND_API_KEY and the resend binary; no other secrets or file reads are requested. If you want extra assurance, ask for the official upstream package link or repository before installing.

Latest Release

v0.1.0

Initial release - manage received emails and attachments via Resend API

More by @mjrussell

Todoist

39 stars

Paprika

2 stars

Anylist

1 stars

Fitbit

1 stars

Hevy

0 stars

Trimet

0 stars

Published by @mjrussell on ClawHub