Sog

Name/description (Standards Ops Gadget) match the included code and SKILL.md: a Go CLI implementing IMAP/SMTP/CalDAV/CardDAV/WebDAV clients. Required binary is 'sog' and the install uses a go package from github.com/visionik/sogcli — all appropriate for a Go CLI. No unrelated services or credentials are requested.

SKILL.md tells the agent to invoke the sog CLI and documents commands; the runtime behaviors described (reading ~/.config/sog/config.json, using system keychain, contacting IMAP/SMTP/CalDAV/CardDAV/WebDAV endpoints) are consistent with an email/calendar/contacts/files client. There are no instructions to read unrelated system files or to send data to unexpected endpoints in the docs. Note: the CLI will access the user's account configuration and passwords (via keychain or optional file storage) and will make network connections to whatever servers the user configures — which is expected for this tool.

Install uses 'go install github.com/visionik/sogcli/cmd/sog@latest' which is standard for Go CLIs; this downloads and builds source from the GitHub repo. This is expected and proportionate, but using @latest means you pull the tip (supply-chain risk if repository is compromised). No exotic download URLs or archive extraction are present.

The skill declares no required environment variables (SKILL.md documents optional SOG_ACCOUNT). It does require access to user passwords/config (stored in system keychain by default, or optionally a file if the user chooses 'file' storage). That access is appropriate for an email/CalDAV/CardDAV/WebDAV client. There are no unrelated credential requests.

The skill is not always-included and follows normal model-invocation defaults. It stores its own config under ~/.config/sog/config.json and uses the system keychain (or an optional file). It does not request elevated system privileges or attempt to modify other skills or global agent settings.